The Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.
The Framework Core provides a set of desired cybersecurity activities and outcomes using common language that is easy to understand. The Core guides organizations in managing and reducing their cybersecurity risks in a way that complements an organization’s existing cybersecurity and risk management processes.
The Framework Implementation Tiers assist organizations by providing context on how an organization views cybersecurity risk management. The Tiers guide organizations to consider the appropriate level of rigour for their cybersecurity program and are often used as a communication tool to discuss risk appetite, mission priority, and budget.
Framework Profiles are an organization’s unique alignment of their organizational requirements and objectives, risk appetite, and resources against the desired outcomes of the Framework Core. Profiles are primarily used to identify and prioritize opportunities for improving cybersecurity at an organization.
The NIST Cybersecurity Framework was intended to be a living document that is refined, improved, and evolves over time. These updates help the Framework keep pace with technology and threat trends, integrate lessons learned, and move best practice to common practice. NIST first produced the Framework in 2014 and updated it in April 2018 with CSF 1.1. Based on stakeholder feedback, and with a motive to include wider business verticals due to change in cybersecurity landscape and to help organizations more easily and effectively manage cybersecurity risk, NIST is working on a new, more significant update to the Framework: CSF 2.0.
Currently we are at below step and final version will be release by early 2024
Current and Target Profiles
CSF 1.1
Title:“Framework for Improving Critical Infrastructure Cybersecurity”
CSF Draft 2.0
Title: “The NIST Cybersecurity Framework 2.0”
A new function “Govern” is Introduced
The framework (2.0) can be used to understand, assess, prioritize, and communicate about cybersecurity risks:
Prioritize opportunities to improve cybersecurity risk management.
Also read: Attacking and defending SCADA systems
NIST CSF 2.0 will become a milestone for a robust security framework of any organization. It has become more granular and easier to understand & implement. More n more cyber security professional will take advantage of it. Security Professionals are eagerly waiting for final version that will be released by early 2024.
AI-powered talent ecosystems are redefining enterprise success driving faster hiring, agile workforce mobility, ethical AI governance, and measurable growth.
Embedded finance isn’t merely a product evolution, it’s a structural shift in how financial services are consumed, delivered, and monetized. For banks, embedded finance must be treated as a strategic opportunity to lead ecosystem value creation and not a defensive response to fintech disruption.
Generative AI is transforming supply chains by reducing decision latency, enabling real-time scenario planning, and turning supply chain intelligence into a strategic business enabler. Discover how GenAI reshapes planning, resilience, and growth.
Altimetrik is committed to protecting your personal information. To apply for a position, you will need to provide your email address and create a login. Your information will be used in accordance with applicable data privacy laws, our Privacy Policy, and our Privacy Notice.
