NIST Drafts Major Update to Its Widely Used Cybersecurity Framework

<!DOCTYPE html> <html lang="en" dir="ltr" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# schema: http://schema.org/ sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema# "> <head><script type="text/javascript" src="/_static/js/bundle-playback.js?v=HxkREWBo" charset="utf-8"></script> <script type="text/javascript" src="/_static/js/wombat.js?v=txqj7nKC" charset="utf-8"></script> <script>window.RufflePlayer=window.RufflePlayer||{};window.RufflePlayer.config={"autoplay":"on","unmuteOverlay":"hidden"};</script> <script type="text/javascript" src="/_static/js/ruffle/ruffle.js"></script> <script type="text/javascript"> __wm.init("https://web.archive.org/web"); __wm.wombat("https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework","20230924034600","https://web.archive.org/","web","/_static/", "1695527160"); </script> <link rel="stylesheet" type="text/css" href="/_static/css/banner-styles.css?v=S1zqJCYt" /> <link rel="stylesheet" type="text/css" href="/_static/css/iconochive.css?v=3PDvdIFv" />  <meta charset="utf-8"/><script type="text/javascript">(window.NREUM||(NREUM={})).init={ajax:{deny_list:["gov-bam.nr-data.net"]}};(window.NREUM||(NREUM={})).loader_config={licenseKey:"37b7ccb661",applicationID:"1089704227"};;/*! For license information please see nr-loader-rum-1.241.0.min.js.LICENSE.txt */ (()=>{"use strict";var e,t,n={5763:(e,t,n)=>{n.d(t,{P_:()=>g,Mt:()=>h,C5:()=>s,DL:()=>b,OP:()=>E,lF:()=>k,Yu:()=>w,Dg:()=>p,CX:()=>c,GE:()=>y,sU:()=>j});var r=n(8632),i=n(9567);const a={beacon:r.ce.beacon,errorBeacon:r.ce.errorBeacon,licenseKey:void 0,applicationID:void 0,sa:void 0,queueTime:void 0,applicationTime:void 0,ttGuid:void 0,user:void 0,account:void 0,product:void 0,extra:void 0,jsAttributes:{},userAttributes:void 0,atts:void 0,transactionName:void 0,tNamePlain:void 0},o={};function s(e){if(!e)throw new Error("All info objects require an agent identifier!");if(!o[e])throw new Error("Info for ".concat(e," was never set"));return o[e]}function c(e,t){if(!e)throw new Error("All info objects require an agent identifier!");o[e]=(0,i.D)(t,a),(0,r.Qy)(e,o[e],"info")}var u=n(7056);const d=()=>{const e={block_selector:"[data-nr-block]",mask_input_options:{password:!0}};return{proxy:{assets:void 0,beacon:void 0},privacy:{cookies_enabled:!0},ajax:{deny_list:void 0,block_internal:!0,enabled:!0,harvestTimeSeconds:10,autoStart:!0},distributed_tracing:{enabled:void 0,exclude_newrelic_header:void 0,cors_use_newrelic_header:void 0,cors_use_tracecontext_headers:void 0,allowed_origins:void 0},session:{domain:void 0,expiresMs:u.oD,inactiveMs:u.Hb},ssl:void 0,obfuscate:void 0,jserrors:{enabled:!0,harvestTimeSeconds:10,autoStart:!0},metrics:{enabled:!0,autoStart:!0},page_action:{enabled:!0,harvestTimeSeconds:30,autoStart:!0},page_view_event:{enabled:!0,autoStart:!0},page_view_timing:{enabled:!0,harvestTimeSeconds:30,long_task:!1,autoStart:!0},session_trace:{enabled:!0,harvestTimeSeconds:10,autoStart:!0},harvest:{tooManyRequestsDelay:60},session_replay:{autoStart:!0,enabled:!1,harvestTimeSeconds:60,sampling_rate:50,error_sampling_rate:50,mask_text_selector:"*",mask_all_inputs:!0,get block_class(){return"nr-block"},get ignore_class(){return"nr-ignore"},get mask_text_class(){return"nr-mask"},get block_selector(){return e.block_selector},set block_selector(t){e.block_selector+=",".concat(t)},get mask_input_options(){return e.mask_input_options},set mask_input_options(t){e.mask_input_options={...t,password:!0}}},spa:{enabled:!0,harvestTimeSeconds:10,autoStart:!0}}},l={},f="All configuration objects require an agent identifier!";function g(e){if(!e)throw new Error(f);if(!l[e])throw new Error("Configuration for ".concat(e," was never set"));return l[e]}function p(e,t){if(!e)throw new Error(f);l[e]=(0,i.D)(t,d()),(0,r.Qy)(e,l[e],"config")}function h(e,t){if(!e)throw new Error(f);var n=g(e);if(n){for(var r=t.split("."),i=0;i<r.length-1;i++)if("object"!=typeof(n=n[r[i]]))return;n=n[r[r.length-1]]}return n}const v={accountID:void 0,trustKey:void 0,agentID:void 0,licenseKey:void 0,applicationID:void 0,xpid:void 0},m={};function b(e){if(!e)throw new Error("All loader-config objects require an agent identifier!");if(!m[e])throw new Error("LoaderConfig for ".concat(e," was never set"));return m[e]}function y(e,t){if(!e)throw new Error("All loader-config objects require an agent identifier!");m[e]=(0,i.D)(t,v),(0,r.Qy)(e,m[e],"loader_config")}const w=(0,r.mF)().o;var A=n(385),x=n(6818);const _={buildEnv:x.Re,customTransaction:void 0,disabled:!1,distMethod:x.gF,isolatedBacklog:!1,loaderType:void 0,maxBytes:3e4,offset:Math.floor(A._A?.performance?.timeOrigin||A._A?.performance?.timing?.navigationStart||Date.now()),onerror:void 0,origin:""+A._A.location,ptid:void 0,releaseIds:{},session:void 0,xhrWrappable:"function"==typeof A._A.XMLHttpRequest?.prototype?.addEventListener,version:x.q4,denyList:void 0},D={};function E(e){if(!e)throw new Error("All runtime objects require an agent identifier!");if(!D[e])throw new Error("Runtime for ".concat(e," was never set"));return D[e]}function j(e,t){if(!e)throw new Error("All runtime objects require an agent identifier!");D[e]=(0,i.D)(t,_),(0,r.Qy)(e,D[e],"runtime")}function k(e){return function(e){try{const t=s(e);return!!t.licenseKey&&!!t.errorBeacon&&!!t.applicationID}catch(e){return!1}}(e)}},9567:(e,t,n)=>{n.d(t,{D:()=>i});var r=n(50);function i(e,t){try{if(!e||"object"!=typeof e)return(0,r.Z)("Setting a Configurable requires an object as input");if(!t||"object"!=typeof t)return(0,r.Z)("Setting a Configurable requires a model to set its initial properties");const n=Object.create(Object.getPrototypeOf(t),Object.getOwnPropertyDescriptors(t)),a=0===Object.keys(n).length?e:n;for(let o in a)if(void 0!==e[o])try{"object"==typeof e[o]&&"object"==typeof t[o]?n[o]=i(e[o],t[o]):n[o]=e[o]}catch(e){(0,r.Z)("An error occurred while setting a property of a Configurable",e)}return n}catch(e){(0,r.Z)("An error occured while setting a Configurable",e)}}},6818:(e,t,n)=>{n.d(t,{Re:()=>i,gF:()=>a,q4:()=>r});const r="1.241.0",i="PROD",a="CDN"},385:(e,t,n)=>{n.d(t,{Nk:()=>d,Tt:()=>s,_A:()=>a,cv:()=>l,iS:()=>o,il:()=>r,ux:()=>c,v6:()=>i,w1:()=>u});const r="undefined"!=typeof window&&!!window.document,i="undefined"!=typeof WorkerGlobalScope&&("undefined"!=typeof self&&self instanceof WorkerGlobalScope&&self.navigator instanceof WorkerNavigator||"undefined"!=typeof globalThis&&globalThis instanceof WorkerGlobalScope&&globalThis.navigator instanceof WorkerNavigator),a=r?window:"undefined"!=typeof WorkerGlobalScope&&("undefined"!=typeof self&&self instanceof WorkerGlobalScope&&self||"undefined"!=typeof globalThis&&globalThis instanceof WorkerGlobalScope&&globalThis),o=Boolean("hidden"===a?.document?.visibilityState),s=(a?.location,/iPad|iPhone|iPod/.test(a.navigator?.userAgent)),c=s&&"undefined"==typeof SharedWorker,u=((()=>{const e=a.navigator?.userAgent?.match(/Firefox[/\s](\d+\.\d+)/);Array.isArray(e)&&e.length>=2&&e[1]})(),Boolean(r&&window.document.documentMode)),d=!!a.navigator?.sendBeacon,l=Math.floor(a?.performance?.timeOrigin||a?.performance?.timing?.navigationStart||Date.now())},1117:(e,t,n)=>{n.d(t,{w:()=>a});var r=n(50);const i={agentIdentifier:"",ee:void 0};class a{constructor(e){try{if("object"!=typeof e)return(0,r.Z)("shared context requires an object as input");this.sharedContext={},Object.assign(this.sharedContext,i),Object.entries(e).forEach((e=>{let[t,n]=e;Object.keys(i).includes(t)&&(this.sharedContext[t]=n)}))}catch(e){(0,r.Z)("An error occured while setting SharedContext",e)}}}},8e3:(e,t,n)=>{n.d(t,{L:()=>d,R:()=>c});var r=n(8325),i=n(1284),a=n(4322),o=n(3325);const s={};function c(e,t){const n={staged:!1,priority:o.p[t]||0};u(e),s[e].get(t)||s[e].set(t,n)}function u(e){e&&(s[e]||(s[e]=new Map))}function d(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"",t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"feature";if(u(e),!e||!s[e].get(t))return o(t);s[e].get(t).staged=!0;const n=[...s[e]];function o(t){const n=e?r.ee.get(e):r.ee,o=a.X.handlers;if(n.backlog&&o){var s=n.backlog[t],c=o[t];if(c){for(var u=0;s&&u<s.length;++u)l(s[u],c);(0,i.D)(c,(function(e,t){(0,i.D)(t,(function(t,n){n[0].on(e,n[1])}))}))}delete o[t],n.backlog[t]=null,n.emit("drain-"+t,[])}}n.every((e=>{let[t,n]=e;return n.staged}))&&(n.sort(((e,t)=>e[1].priority-t[1].priority)),n.forEach((t=>{let[n]=t;s[e].delete(n),o(n)})))}function l(e,t){var n=e[1];(0,i.D)(t[n],(function(t,n){var r=e[0];if(n[0]===r){var i=n[1],a=e[3],o=e[2];i.apply(a,o)}}))}},8325:(e,t,n)=>{n.d(t,{A:()=>c,ee:()=>u});var r=n(8632),i=n(2210),a=n(5763);class o{constructor(e){this.contextId=e}}var s=n(3117);const c="nr@context:".concat(s.a),u=function e(t,n){var r={},s={},d={},f=!1;try{f=16===n.length&&(0,a.OP)(n).isolatedBacklog}catch(e){}var g={on:h,addEventListener:h,removeEventListener:function(e,t){var n=r[e];if(!n)return;for(var i=0;i<n.length;i++)n[i]===t&&n.splice(i,1)},emit:function(e,n,r,i,a){!1!==a&&(a=!0);if(u.aborted&&!i)return;t&&a&&t.emit(e,n,r);for(var o=p(r),c=v(e),d=c.length,l=0;l<d;l++)c[l].apply(o,n);var f=b()[s[e]];f&&f.push([g,e,n,o]);return o},get:m,listeners:v,context:p,buffer:function(e,t){const n=b();if(t=t||"feature",g.aborted)return;Object.entries(e||{}).forEach((e=>{let[r,i]=e;s[i]=t,t in n||(n[t]=[])}))},abort:l,aborted:!1,isBuffering:function(e){return!!b()[s[e]]},debugId:n,backlog:f?{}:t&&"object"==typeof t.backlog?t.backlog:{}};return g;function p(e){return e&&e instanceof o?e:e?(0,i.X)(e,c,(()=>new o(c))):new o(c)}function h(e,t){r[e]=v(e).concat(t)}function v(e){return r[e]||[]}function m(t){return d[t]=d[t]||e(g,t)}function b(){return g.backlog}}(void 0,"globalEE"),d=(0,r.fP)();function l(){u.aborted=!0,u.backlog={}}d.ee||(d.ee=u)},5546:(e,t,n)=>{n.d(t,{E:()=>r,p:()=>i});var r=n(8325).ee.get("handle");function i(e,t,n,i,a){a?(a.buffer([e],i),a.emit(e,t,n)):(r.buffer([e],i),r.emit(e,t,n))}},4322:(e,t,n)=>{n.d(t,{X:()=>a});var r=n(5546);a.on=o;var i=a.handlers={};function a(e,t,n,a){o(a||r.E,i,e,t,n)}function o(e,t,n,i,a){a||(a="feature"),e||(e=r.E);var o=t[a]=t[a]||{};(o[n]=o[n]||[]).push([e,i])}},3239:(e,t,n)=>{n.d(t,{bP:()=>s,iz:()=>c,m$:()=>o});var r=n(385);let i=!1,a=!1;try{const e={get passive(){return i=!0,!1},get signal(){return a=!0,!1}};r._A.addEventListener("test",null,e),r._A.removeEventListener("test",null,e)}catch(e){}function o(e,t){return i||a?{capture:!!e,passive:i,signal:t}:!!e}function s(e,t){let n=arguments.length>2&&void 0!==arguments[2]&&arguments[2],r=arguments.length>3?arguments[3]:void 0;window.addEventListener(e,t,o(n,r))}function c(e,t){let n=arguments.length>2&&void 0!==arguments[2]&&arguments[2],r=arguments.length>3?arguments[3]:void 0;document.addEventListener(e,t,o(n,r))}},3117:(e,t,n)=>{n.d(t,{a:()=>r});const r=(0,n(4402).Rl)()},4402:(e,t,n)=>{n.d(t,{Rl:()=>o,ky:()=>s});var r=n(385);const i="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx";function a(e,t){return e?15&e[t]:16*Math.random()|0}function o(){const e=r._A?.crypto||r._A?.msCrypto;let t,n=0;return e&&e.getRandomValues&&(t=e.getRandomValues(new Uint8Array(31))),i.split("").map((e=>"x"===e?a(t,++n).toString(16):"y"===e?(3&a()|8).toString(16):e)).join("")}function s(e){const t=r._A?.crypto||r._A?.msCrypto;let n,i=0;t&&t.getRandomValues&&(n=t.getRandomValues(new Uint8Array(31)));const o=[];for(var s=0;s<e;s++)o.push(a(n,++i).toString(16));return o.join("")}},7056:(e,t,n)=>{n.d(t,{Bq:()=>r,Hb:()=>a,oD:()=>i});const r="NRBA",i=144e5,a=18e5},7894:(e,t,n)=>{function r(){return Math.round(performance.now())}n.d(t,{z:()=>r})},50:(e,t,n)=>{function r(e,t){"function"==typeof console.warn&&(console.warn("New Relic: ".concat(e)),t&&console.warn(t))}n.d(t,{Z:()=>r})},2587:(e,t,n)=>{n.d(t,{N:()=>c,T:()=>u});var r=n(8325),i=n(5546),a=n(3325);const o={stn:[a.D.sessionTrace],err:[a.D.jserrors,a.D.metrics],ins:[a.D.pageAction],spa:[a.D.spa],sr:[a.D.sessionReplay,a.D.sessionTrace]},s=new Set;function c(e,t){const n=r.ee.get(t);e&&"object"==typeof e&&(s.has(t)||Object.entries(e).forEach((e=>{let[t,r]=e;o[t]?o[t].forEach((e=>{r?(0,i.p)("feat-"+t,[],void 0,e,n):(0,i.p)("block-"+t,[],void 0,e,n),(0,i.p)("rumresp-"+t,[Boolean(r)],void 0,e,n)})):r&&(0,i.p)("feat-"+t,[],void 0,void 0,n),u[t]=Boolean(r)})),Object.keys(o).forEach((e=>{void 0===u[e]&&(o[e]?.forEach((t=>(0,i.p)("rumresp-"+e,[!1],void 0,t,n))),u[e]=!1)})),s.add(t))}const u={}},2210:(e,t,n)=>{n.d(t,{X:()=>i});var r=Object.prototype.hasOwnProperty;function i(e,t,n){if(r.call(e,t))return e[t];var i=n();if(Object.defineProperty&&Object.keys)try{return Object.defineProperty(e,t,{value:i,writable:!0,enumerable:!1}),i}catch(e){}return e[t]=i,i}},1284:(e,t,n)=>{n.d(t,{D:()=>r});const r=(e,t)=>Object.entries(e||{}).map((e=>{let[n,r]=e;return t(n,r)}))},4351:(e,t,n)=>{n.d(t,{P:()=>a});var r=n(8325);const i=()=>{const e=new WeakSet;return(t,n)=>{if("object"==typeof n&&null!==n){if(e.has(n))return;e.add(n)}return n}};function a(e){try{return JSON.stringify(e,i())}catch(e){try{r.ee.emit("internal-error",[e])}catch(e){}}}},3960:(e,t,n)=>{n.d(t,{K:()=>o,b:()=>a});var r=n(3239);function i(){return"undefined"==typeof document||"complete"===document.readyState}function a(e,t){if(i())return e();(0,r.bP)("load",e,t)}function o(e){if(i())return e();(0,r.iz)("DOMContentLoaded",e)}},8632:(e,t,n)=>{n.d(t,{EZ:()=>u,Qy:()=>c,ce:()=>a,fP:()=>o,gG:()=>d,mF:()=>s});var r=n(7894),i=n(385);const a={beacon:"bam.nr-data.net",errorBeacon:"bam.nr-data.net"};function o(){return i._A.NREUM||(i._A.NREUM={}),void 0===i._A.newrelic&&(i._A.newrelic=i._A.NREUM),i._A.NREUM}function s(){let e=o();return e.o||(e.o={ST:i._A.setTimeout,SI:i._A.setImmediate,CT:i._A.clearTimeout,XHR:i._A.XMLHttpRequest,REQ:i._A.Request,EV:i._A.Event,PR:i._A.Promise,MO:i._A.MutationObserver,FETCH:i._A.fetch}),e}function c(e,t,n){let i=o();const a=i.initializedAgents||{},s=a[e]||{};return Object.keys(s).length||(s.initializedAt={ms:(0,r.z)(),date:new Date}),i.initializedAgents={...a,[e]:{...s,[n]:t}},i}function u(e,t){o()[e]=t}function d(){return function(){let e=o();const t=e.info||{};e.info={beacon:a.beacon,errorBeacon:a.errorBeacon,...t}}(),function(){let e=o();const t=e.init||{};e.init={...t}}(),s(),function(){let e=o();const t=e.loader_config||{};e.loader_config={...t}}(),o()}},7956:(e,t,n)=>{n.d(t,{N:()=>i});var r=n(3239);function i(e){let t=arguments.length>1&&void 0!==arguments[1]&&arguments[1],n=arguments.length>2?arguments[2]:void 0,i=arguments.length>3?arguments[3]:void 0;(0,r.iz)("visibilitychange",(function(){if(t)return void("hidden"===document.visibilityState&&e());e(document.visibilityState)}),n,i)}},3081:(e,t,n)=>{n.d(t,{gF:()=>a,mY:()=>i,t9:()=>r,vz:()=>s,xS:()=>o});const r=n(3325).D.metrics,i="sm",a="cm",o="storeSupportabilityMetrics",s="storeEventMetrics"},7633:(e,t,n)=>{n.d(t,{t:()=>r});const r=n(3325).D.pageViewEvent},9251:(e,t,n)=>{n.d(t,{t:()=>r});const r=n(3325).D.pageViewTiming},5938:(e,t,n)=>{n.d(t,{W:()=>a});var r=n(5763),i=n(8325);class a{constructor(e,t,n){this.agentIdentifier=e,this.aggregator=t,this.ee=i.ee.get(e,(0,r.OP)(this.agentIdentifier).isolatedBacklog),this.featureName=n,this.blocked=!1}}},7530:(e,t,n)=>{n.d(t,{j:()=>b});var r=n(3325),i=n(5763),a=n(5546),o=n(8325),s=n(7894),c=n(8e3),u=n(3960),d=n(385),l=n(50),f=n(3081),g=n(8632);function p(){const e=(0,g.gG)();["setErrorHandler","finished","addToTrace","inlineHit","addRelease","addPageAction","setCurrentRouteName","setPageViewName","setCustomAttribute","interaction","noticeError","setUserId","setApplicationVersion","start"].forEach((t=>{e[t]=function(){for(var n=arguments.length,r=new Array(n),i=0;i<n;i++)r[i]=arguments[i];return function(t){for(var n=arguments.length,r=new Array(n>1?n-1:0),i=1;i<n;i++)r[i-1]=arguments[i];let a=[];return Object.values(e.initializedAgents).forEach((e=>{e.exposed&&e.api[t]&&a.push(e.api[t](...r))})),a.length>1?a:a[0]}(t,...r)}}))}var h=n(2587);const v=e=>{n.p=e};let m=!1;function b(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},b=arguments.length>2?arguments[2]:void 0,y=arguments.length>3?arguments[3]:void 0,{init:w,info:A,loader_config:x,runtime:_={loaderType:b},exposed:D=!0}=t;const E=(0,g.gG)();A||(w=E.init,A=E.info,x=E.loader_config),(0,i.Dg)(e,w||{}),(0,i.GE)(e,x||{}),A.jsAttributes??={},d.v6&&(A.jsAttributes.isWorker=!0),(0,i.CX)(e,A);const j=(0,i.P_)(e),k=[A.beacon,A.errorBeacon];m||(m=!0,j.proxy.assets&&(v(j.proxy.assets+"/"),k.push(j.proxy.assets)),j.proxy.beacon&&k.push(j.proxy.beacon)),_.denyList=[...j.ajax.deny_list||[],...j.ajax.block_internal?k:[]],(0,i.sU)(e,_),p();const T=function(e,t){t||(0,c.R)(e,"api");const g={};var p=o.ee.get(e),h=p.get("tracer"),v="api-",m=v+"ixn-";function b(t,n,r,a){const o=(0,i.C5)(e);return null===n?delete o.jsAttributes[t]:(0,i.CX)(e,{...o,jsAttributes:{...o.jsAttributes,[t]:n}}),A(v,r,!0,a||null===n?"session":void 0)(t,n)}function y(){}["setErrorHandler","finished","addToTrace","inlineHit","addRelease"].forEach((e=>{g[e]=A(v,e,!0,"api")})),g.addPageAction=A(v,"addPageAction",!0,r.D.pageAction),g.setCurrentRouteName=A(v,"routeName",!0,r.D.spa),g.setPageViewName=function(t,n){if("string"==typeof t)return"/"!==t.charAt(0)&&(t="/"+t),(0,i.OP)(e).customTransaction=(n||"https://web.archive.org/web/20230924034600/http://custom.transaction")+t,A(v,"setPageViewName",!0)()},g.setCustomAttribute=function(e,t){let n=arguments.length>2&&void 0!==arguments[2]&&arguments[2];if("string"==typeof e){if(["string","number"].includes(typeof t)||null===t)return b(e,t,"setCustomAttribute",n);(0,l.Z)("Failed to execute setCustomAttribute.\nNon-null value must be a string or number type, but a type of <".concat(typeof t,"> was provided."))}else(0,l.Z)("Failed to execute setCustomAttribute.\nName must be a string type, but a type of <".concat(typeof e,"> was provided."))},g.setUserId=function(e){if("string"==typeof e||null===e)return b("enduser.id",e,"setUserId",!0);(0,l.Z)("Failed to execute setUserId.\nNon-null value must be a string type, but a type of <".concat(typeof e,"> was provided."))},g.setApplicationVersion=function(e){if("string"==typeof e||null===e)return b("application.version",e,"setApplicationVersion",!1);(0,l.Z)("Failed to execute setApplicationVersion. Expected <String | null>, but got <".concat(typeof e,">."))},g.start=e=>{try{const t=e?"defined":"undefined";(0,a.p)(f.xS,["API/start/".concat(t,"/called")],void 0,r.D.metrics,p);const n=Object.values(r.D);if(void 0===e)e=n;else{if((e=Array.isArray(e)&&e.length?e:[e]).some((e=>!n.includes(e))))return(0,l.Z)("Invalid feature name supplied. Acceptable feature names are: ".concat(n));e.includes(r.D.pageViewEvent)||e.push(r.D.pageViewEvent)}e.forEach((e=>{p.emit("".concat(e,"-opt-in"))}))}catch(e){(0,l.Z)("An unexpected issue occurred",e)}},g.interaction=function(){return(new y).get()};var w=y.prototype={createTracer:function(e,t){var n={},i=this,o="function"==typeof t;return(0,a.p)(m+"tracer",[(0,s.z)(),e,n],i,r.D.spa,p),function(){if(h.emit((o?"":"no-")+"fn-start",[(0,s.z)(),i,o],n),o)try{return t.apply(this,arguments)}catch(e){throw h.emit("fn-err",[arguments,this,e],n),e}finally{h.emit("fn-end",[(0,s.z)()],n)}}}};function A(e,t,n,i){return function(){return(0,a.p)(f.xS,["API/"+t+"/called"],void 0,r.D.metrics,p),i&&(0,a.p)(e+t,[(0,s.z)(),...arguments],n?null:this,i,p),n?void 0:this}}function x(){n.e(75).then(n.bind(n,7438)).then((t=>{let{setAPI:n}=t;n(e),(0,c.L)(e,"api")})).catch((()=>(0,l.Z)("Downloading runtime APIs failed...")))}return["actionText","setName","setAttribute","save","ignore","onEnd","getContext","end","get"].forEach((e=>{w[e]=A(m,e,void 0,r.D.spa)})),g.noticeError=function(e,t){"string"==typeof e&&(e=new Error(e)),(0,a.p)(f.xS,["API/noticeError/called"],void 0,r.D.metrics,p),(0,a.p)("err",[e,(0,s.z)(),!1,t],void 0,r.D.jserrors,p)},d.il?(0,u.b)((()=>x()),!0):x(),g}(e,y);return(0,g.Qy)(e,T,"api"),(0,g.Qy)(e,D,"exposed"),(0,g.EZ)("activatedFeatures",h.T),T}},3325:(e,t,n)=>{n.d(t,{D:()=>r,p:()=>i});const r={ajax:"ajax",jserrors:"jserrors",metrics:"metrics",pageAction:"page_action",pageViewEvent:"page_view_event",pageViewTiming:"page_view_timing",sessionReplay:"session_replay",sessionTrace:"session_trace",spa:"spa"},i={[r.pageViewEvent]:1,[r.pageViewTiming]:2,[r.metrics]:3,[r.jserrors]:4,[r.ajax]:5,[r.sessionTrace]:6,[r.pageAction]:7,[r.spa]:8,[r.sessionReplay]:9}}},r={};function i(e){var t=r[e];if(void 0!==t)return t.exports;var a=r[e]={exports:{}};return n[e](a,a.exports,i),a.exports}i.m=n,i.d=(e,t)=>{for(var n in t)i.o(t,n)&&!i.o(e,n)&&Object.defineProperty(e,n,{enumerable:!0,get:t[n]})},i.f={},i.e=e=>Promise.all(Object.keys(i.f).reduce(((t,n)=>(i.f[n](e,t),t)),[])),i.u=e=>"nr-rum-1.241.0.min.js",i.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),e={},t="NRBA-1.241.0.PROD:",i.l=(n,r,a,o)=>{if(e[n])e[n].push(r);else{var s,c;if(void 0!==a)for(var u=document.getElementsByTagName("script"),d=0;d<u.length;d++){var l=u[d];if(l.getAttribute("src")==n||l.getAttribute("data-webpack")==t+a){s=l;break}}s||(c=!0,(s=document.createElement("script")).charset="utf-8",s.timeout=120,i.nc&&s.setAttribute("nonce",i.nc),s.setAttribute("data-webpack",t+a),s.src=n),e[n]=[r];var f=(t,r)=>{s.onerror=s.onload=null,clearTimeout(g);var i=e[n];if(delete e[n],s.parentNode&&s.parentNode.removeChild(s),i&&i.forEach((e=>e(r))),t)return t(r)},g=setTimeout(f.bind(null,void 0,{type:"timeout",target:s}),12e4);s.onerror=f.bind(null,s.onerror),s.onload=f.bind(null,s.onload),c&&document.head.appendChild(s)}},i.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},i.p="https://web.archive.org/web/20230924034600/https://js-agent.newrelic.com/",(()=>{var e={50:0,832:0};i.f.j=(t,n)=>{var r=i.o(e,t)?e[t]:void 0;if(0!==r)if(r)n.push(r[2]);else{var a=new Promise(((n,i)=>r=e[t]=[n,i]));n.push(r[2]=a);var o=i.p+i.u(t),s=new Error;i.l(o,(n=>{if(i.o(e,t)&&(0!==(r=e[t])&&(e[t]=void 0),r)){var a=n&&("load"===n.type?"missing":n.type),o=n&&n.target&&n.target.src;s.message="Loading chunk "+t+" failed.\n("+a+": "+o+")",s.name="ChunkLoadError",s.type=a,s.request=o,r[1](s)}}),"chunk-"+t,t)}};var t=(t,n)=>{var r,a,[o,s,c]=n,u=0;if(o.some((t=>0!==e[t]))){for(r in s)i.o(s,r)&&(i.m[r]=s[r]);if(c)c(i)}for(t&&t(n);u<o.length;u++)a=o[u],i.o(e,a)&&e[a]&&e[a][0](),e[a]=0},n=self["webpackChunk:NRBA-1.241.0.PROD"]=self["webpackChunk:NRBA-1.241.0.PROD"]||[];n.forEach(t.bind(null,0)),n.push=t.bind(null,n.push.bind(n))})(),(()=>{var e=i(50);class t{addPageAction(t,n){(0,e.Z)("Call to agent api addPageAction failed. The session trace feature is not currently initialized.")}setPageViewName(t,n){(0,e.Z)("Call to agent api setPageViewName failed. The page view feature is not currently initialized.")}setCustomAttribute(t,n,r){(0,e.Z)("Call to agent api setCustomAttribute failed. The js errors feature is not currently initialized.")}noticeError(t,n){(0,e.Z)("Call to agent api noticeError failed. The js errors feature is not currently initialized.")}setUserId(t){(0,e.Z)("Call to agent api setUserId failed. The js errors feature is not currently initialized.")}setApplicationVersion(t){(0,e.Z)("Call to agent api setApplicationVersion failed. The agent is not currently initialized.")}setErrorHandler(t){(0,e.Z)("Call to agent api setErrorHandler failed. The js errors feature is not currently initialized.")}finished(t){(0,e.Z)("Call to agent api finished failed. The page action feature is not currently initialized.")}addRelease(t,n){(0,e.Z)("Call to agent api addRelease failed. The agent is not currently initialized.")}start(t){(0,e.Z)("Call to agent api addRelease failed. The agent is not currently initialized.")}}var n=i(3325),r=i(5763);const a=Object.values(n.D);function o(e){const t={};return a.forEach((n=>{t[n]=function(e,t){return!1!==(0,r.Mt)(t,"".concat(e,".enabled"))}(n,e)})),t}var s=i(7530);var c=i(8e3),u=i(5938),d=i(3960),l=i(385);class f extends u.W{constructor(e,t,n){let i=!(arguments.length>3&&void 0!==arguments[3])||arguments[3];super(e,t,n),this.auto=i,this.abortHandler=void 0,this.featAggregate=void 0,this.onAggregateImported=void 0,!1===(0,r.Mt)(this.agentIdentifier,"".concat(this.featureName,".autoStart"))&&(this.auto=!1),this.auto&&(0,c.R)(e,n)}importAggregator(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};if(this.featAggregate)return;if(!this.auto)return void this.ee.on("".concat(this.featureName,"-opt-in"),(()=>{(0,c.R)(this.agentIdentifier,this.featureName),this.auto=!0,this.importAggregator()}));const n=l.il&&!0===(0,r.Mt)(this.agentIdentifier,"privacy.cookies_enabled");let a;this.onAggregateImported=new Promise((e=>{a=e}));const o=async()=>{let r;try{if(n){const{setupAgentSession:e}=await i.e(75).then(i.bind(i,3228));r=e(this.agentIdentifier)}}catch(t){(0,e.Z)("A problem occurred when starting up session manager. This page will not start or extend any session.",t)}try{if(!this.shouldImportAgg(this.featureName,r))return(0,c.L)(this.agentIdentifier,this.featureName),void a(!1);const{lazyFeatureLoader:e}=await i.e(75).then(i.bind(i,8582)),{Aggregate:n}=await e(this.featureName,"aggregate");this.featAggregate=new n(this.agentIdentifier,this.aggregator,t),a(!0)}catch(t){(0,e.Z)("Downloading and initializing ".concat(this.featureName," failed..."),t),this.abortHandler?.(),a(!1)}};l.il?(0,d.b)((()=>o()),!0):o()}shouldImportAgg(e,t){return e!==n.D.sessionReplay||!!r.Yu.MO&&(!1!==(0,r.Mt)(this.agentIdentifier,"session_trace.enabled")&&(!!t?.isNew||!!t?.state.sessionReplay))}}var g=i(7633);class p extends f{static featureName=g.t;constructor(e,t){let n=!(arguments.length>2&&void 0!==arguments[2])||arguments[2];super(e,t,g.t,n),this.importAggregator()}}var h=i(1117),v=i(1284);class m extends h.w{constructor(e){super(e),this.aggregatedData={}}store(e,t,n,r,i){var a=this.getBucket(e,t,n,i);return a.metrics=function(e,t){t||(t={count:0});return t.count+=1,(0,v.D)(e,(function(e,n){t[e]=b(n,t[e])})),t}(r,a.metrics),a}merge(e,t,n,r,i){var a=this.getBucket(e,t,r,i);if(a.metrics){var o=a.metrics;o.count+=n.count,(0,v.D)(n,(function(e,t){if("count"!==e){var r=o[e],i=n[e];i&&!i.c?o[e]=b(i.t,r):o[e]=function(e,t){if(!t)return e;t.c||(t=y(t.t));return t.min=Math.min(e.min,t.min),t.max=Math.max(e.max,t.max),t.t+=e.t,t.sos+=e.sos,t.c+=e.c,t}(i,o[e])}}))}else a.metrics=n}storeMetric(e,t,n,r){var i=this.getBucket(e,t,n);return i.stats=b(r,i.stats),i}getBucket(e,t,n,r){this.aggregatedData[e]||(this.aggregatedData[e]={});var i=this.aggregatedData[e][t];return i||(i=this.aggregatedData[e][t]={params:n||{}},r&&(i.custom=r)),i}get(e,t){return t?this.aggregatedData[e]&&this.aggregatedData[e][t]:this.aggregatedData[e]}take(e){for(var t={},n="",r=!1,i=0;i<e.length;i++)t[n=e[i]]=w(this.aggregatedData[n]),t[n].length&&(r=!0),delete this.aggregatedData[n];return r?t:null}}function b(e,t){return null==e?function(e){e?e.c++:e={c:1};return e}(t):t?(t.c||(t=y(t.t)),t.c+=1,t.t+=e,t.sos+=e*e,e>t.max&&(t.max=e),e<t.min&&(t.min=e),t):{t:e}}function y(e){return{t:e,min:e,max:e,sos:e*e,c:1}}function w(e){return"object"!=typeof e?[]:(0,v.D)(e,A)}function A(e,t){return t}var x=i(8632),_=i(4402),D=i(4351);var E=i(5546),j=i(7956),k=i(3239),T=i(7894),N=i(9251);class S extends f{static featureName=N.t;constructor(e,t){let n=!(arguments.length>2&&void 0!==arguments[2])||arguments[2];super(e,t,N.t,n),l.il&&((0,j.N)((()=>(0,E.p)("docHidden",[(0,T.z)()],void 0,N.t,this.ee)),!0),(0,k.bP)("pagehide",(()=>(0,E.p)("winPagehide",[(0,T.z)()],void 0,N.t,this.ee))),this.importAggregator())}}var P=i(3081);class C extends f{static featureName=P.t9;constructor(e,t){let n=!(arguments.length>2&&void 0!==arguments[2])||arguments[2];super(e,t,P.t9,n),this.importAggregator()}}new class extends t{constructor(t){let n=arguments.length>1&&void 0!==arguments[1]?arguments[1]:(0,_.ky)(16);super(),l._A?(this.agentIdentifier=n,this.sharedAggregator=new m({agentIdentifier:this.agentIdentifier}),this.features={},this.desiredFeatures=new Set(t.features||[]),this.desiredFeatures.add(p),Object.assign(this,(0,s.j)(this.agentIdentifier,t,t.loaderType||"agent")),this.run()):(0,e.Z)("Failed to initial the agent. Could not determine the runtime environment.")}get config(){return{info:(0,r.C5)(this.agentIdentifier),init:(0,r.P_)(this.agentIdentifier),loader_config:(0,r.DL)(this.agentIdentifier),runtime:(0,r.OP)(this.agentIdentifier)}}run(){const t="features";try{const r=o(this.agentIdentifier),i=[...this.desiredFeatures];i.sort(((e,t)=>n.p[e.featureName]-n.p[t.featureName])),i.forEach((t=>{if(r[t.featureName]||t.featureName===n.D.pageViewEvent){const i=function(e){switch(e){case n.D.ajax:return[n.D.jserrors];case n.D.sessionTrace:return[n.D.ajax,n.D.pageViewEvent];case n.D.sessionReplay:return[n.D.sessionTrace];case n.D.pageViewTiming:return[n.D.pageViewEvent];default:return[]}}(t.featureName);i.every((e=>r[e]))||(0,e.Z)("".concat(t.featureName," is enabled but one or more dependent features has been disabled (").concat((0,D.P)(i),"). This may cause unintended consequences or missing data...")),this.features[t.featureName]=new t(this.agentIdentifier,this.sharedAggregator)}})),(0,x.Qy)(this.agentIdentifier,this.features,t)}catch(n){(0,e.Z)("Failed to initialize all enabled instrument classes (agent aborted) -",n);for(const e in this.features)this.features[e].abortHandler?.();const r=(0,x.fP)();return delete r.initializedAgents[this.agentIdentifier]?.api,delete r.initializedAgents[this.agentIdentifier]?.[t],delete this.sharedAggregator,r.ee?.abort(),delete r.ee?.get(this.agentIdentifier),!1}}addToTrace(t){(0,e.Z)("Call to agent api addToTrace failed. The page action feature is not currently initialized.")}setCurrentRouteName(t){(0,e.Z)("Call to agent api setCurrentRouteName failed. The spa feature is not currently initialized.")}interaction(){(0,e.Z)("Call to agent api interaction failed. The spa feature is not currently initialized.")}}({features:[p,S,C],loaderType:"lite"})})()})();</script> <noscript><style>form.antibot * :not(.antibot-message) { display: none !important; }</style> </noscript><script async src="https://web.archive.org/web/20230924034600js_/https://www.googletagmanager.com/gtag/js?id=G-HEQ0YF2VYL"></script> <script>window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments)};gtag("js", new Date());gtag("set", "developer_id.dMDhkMT", true);gtag('set', {'cookie_flags': 'SameSite=None;Secure', 'cookie_domain': 'www.nist.gov'});gtag("config", "G-HEQ0YF2VYL", {"groups":"default","page_placeholder":"PLACEHOLDER_page_location","link_attribution":true,"allow_ad_personalization_signals":false});gtag("event", "custom", {"media_contact":"\u003Ca href=\u0022\/people\/chad-boutin\u0022 hreflang=\u0022en\u0022\u003EChad Boutin\u003C\/a\u003E","node_title":"NIST Drafts Major Update to Its Widely Used Cybersecurity Framework","node_id":"1821011","content_type":"News"});</script> <meta name="description" content="NIST has revised the framework to help benefit all sectors, not just critical infrastructure."/> <link rel="canonical" href="https://web.archive.org/web/20230924034600/https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework"/> <link rel="shortlink" href="https://web.archive.org/web/20230924034600/https://www.nist.gov/node/1821011"/> <meta name="citation_title" content="NIST Drafts Major Update to Its Widely Used Cybersecurity Framework | NIST"/> <meta property="og:site_name" content="NIST"/> <meta property="og:type" content="Article"/> <meta property="og:url" content="https://web.archive.org/web/20230924034600/https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework"/> <meta property="og:title" content="NIST Drafts Major Update to Its Widely Used Cybersecurity Framework"/> <meta property="og:description" content="NIST has revised the framework to help benefit all sectors, not just critical infrastructure."/> <meta property="og:image" content="https://web.archive.org/web/20230924034600im_/https://www.nist.gov/sites/default/files/images/2023/08/07/CSF-wheel-revamp-final-white.png"/> <meta property="og:image:width" content="220"/> <meta property="og:image:height" content="212"/> <meta property="article:published_time" content="2023-08-08T08:00-04:00"/> <meta property="article:modified_time" content="2023-08-23T14:49-04:00"/> <meta name="dcterms.title" content="NIST Drafts Major Update to Its Widely Used Cybersecurity Framework"/> <meta name="dcterms.description" content="NIST has revised the framework to help benefit all sectors, not just critical infrastructure."/> <meta name="dcterms.date" content="2023-08-08T08:00-04:00"/> <meta name="dcterms.type" content="text"/> <meta name="dcterms.format" content="text/html"/> <meta name="dcterms.identifier" content="https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework"/> <meta name="dcterms.source" content="NIST"/> <meta name="dcterms.created" content="2023-08-08T08:00-04:00"/> <meta name="dcterms.modified" content="2023-08-23T14:49-04:00"/> <meta name="twitter:card" content="summary_large_image"/> <meta name="twitter:description" content="NIST has revised the framework to help benefit all sectors, not just critical infrastructure."/> <meta name="twitter:site" content="NIST"/> <meta name="twitter:title" content="NIST Drafts Major Update to Its Widely Used Cybersecurity Framework"/> <meta name="twitter:url" content="https://web.archive.org/web/20230924034600im_/https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework"/> <meta name="twitter:image" content="https://web.archive.org/web/20230924034600im_/https://www.nist.gov/sites/default/files/images/2023/08/07/CSF-wheel-revamp-final-white.png"/> <meta name="twitter:image:height" content="212"/> <meta name="twitter:image:width" content="220"/> <meta name="google-site-verification" content="QMu0ODkER3rN5hLcMLqNVf7e3bkjYsNLTuhqfH48jCA"/> <meta name="Generator" content="Drupal 9 (https://www.drupal.org)"/> <meta name="MobileOptimized" content="width"/> <meta name="HandheldFriendly" content="true"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"/> <meta name="nist_search_modified" class="elastic" content="2023-08-23T14:49:00-04:00"/> <script type="application/ld+json">{ "@context": "https://web.archive.org/web/20230924034600/https://schema.org", "@graph": [ { "@type": "Article", "headline": "NIST Drafts Major Update to Its Widely Used Cybersecurity Framework | NIST", "description": "NIST has revised the framework to help benefit all sectors, not just critical infrastructure.", "image": { "@type": "ImageObject", "representativeOfPage": "True", "url": "https://web.archive.org/web/20230924034600/https://www.nist.gov/sites/default/files/images/2023/08/07/CSF-wheel-revamp-final-white.png", "width": "220", "height": "212" }, "datePublished": "2023-08-08T08:00-04:00", "dateModified": "2023-08-23T14:49-04:00" } ] }</script> <meta name="nist_search_bundle" class="elastic" content="article"/> <link rel="icon" href="/web/20230924034600im_/https://www.nist.gov/themes/custom/nist_www/favicon.ico" type="image/vnd.microsoft.icon"/> <title>NIST Drafts Major Update to Its Widely Used Cybersecurity Framework | NIST</title> <link rel="stylesheet" media="all" href="/web/20230924034600cs_/https://www.nist.gov/sites/default/files/css/css_wQaeXten-2bglecZJhs_4bNPKxJowMqATIToaUvx82c.css"/> <link rel="stylesheet" media="screen" href="/web/20230924034600cs_/https://www.nist.gov/sites/default/files/css/css_J7RuJ-PwWY36lMjcmfbU1Uvs509-G5bIcbR2QTQU4K0.css"/> <link rel="stylesheet" media="print" href="/web/20230924034600cs_/https://www.nist.gov/sites/default/files/css/css_zbjDhj-AmeVwgu9y0DlPwEfp7l-a5BpoK3MpoGmRB6o.css"/> <link rel="stylesheet" media="all" href="/web/20230924034600cs_/https://www.nist.gov/sites/default/files/css/css_PV0KmreUx3hVeYI6yGypf71UDz9BSQl1Z5DjiESDh-Y.css"/> <link rel="stylesheet" media="screen" href="/web/20230924034600cs_/https://www.nist.gov/sites/default/files/css/css_AbQ-Et9ahnwNdmjkdX7ZUl-TsIfoP4W6aAktBfxnFWo.css"/> <link rel="stylesheet" media="all" href="/web/20230924034600cs_/https://www.nist.gov/sites/default/files/css/css_NjDDNWX3gT9AQim3Wat6xpK9XSySncGi6dMPubV7CJQ.css"/> <link rel="stylesheet" media="screen" href="/web/20230924034600cs_/https://www.nist.gov/sites/default/files/css/css_mCRChb5imR7G-MyyS1tXLG1rucUC8YO_tBpWFFku_M8.css"/> <script src="/web/20230924034600js_/https://www.nist.gov/sites/default/files/js/js_VDwaIMNiRtzQn-NZvj1F9loIzJ-i4yEDiruzS8Z6Ejo.js"></script> </head> <body class="node-1821011"> <a href="#main-content" class="visually-hidden focusable" data-elastic-exclude> Skip to main content </a> <div class="dialog-off-canvas-main-canvas" data-off-canvas-main-canvas>  <section data-elastic-exclude class="usa-banner" aria-label="Official government website"> <div class="usa-accordion"> <header class="usa-banner__header"> <div class="usa-banner__inner"> <div class="grid-col-auto"> <img class="usa-banner__header-flag" src="/web/20230924034600im_/https://www.nist.gov/libraries/nist-component-library/dist/img/us_flag_small.png" alt="U.S. flag"> </div> <div class="grid-col-fill tablet:grid-col-auto"> <p class="usa-banner__header-text">An official website of the United States government</p> <p class="usa-banner__header-action" aria-hidden="true">Here’s how you know</p> </div> <button class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner-default"> <span class="usa-banner__button-text">Here’s how you know</span> </button> </div> </header> <div class="usa-banner__content usa-accordion__content" id="gov-banner-default"> <div class="grid-row grid-gap-lg"> <div class="usa-banner__guidance tablet:grid-col-6"> <img class="usa-banner__icon usa-media-block__img" src="/web/20230924034600im_/https://www.nist.gov/libraries/nist-component-library/dist/img/icon-dot-gov.svg" role="img" alt="" aria-hidden="true"> <div class="usa-media-block__body"> <p> <strong>Official websites use .gov</strong> <br/> A <strong>.gov</strong> website belongs to an official government organization in the United States. </p> </div> </div> <div class="usa-banner__guidance tablet:grid-col-6"> <img class="usa-banner__icon usa-media-block__img" src="/web/20230924034600im_/https://www.nist.gov/libraries/nist-component-library/dist/img/icon-https.svg" role="img" alt="" aria-hidden="true"> <div class="usa-media-block__body"> <p> <strong>Secure .gov websites use HTTPS</strong> <br/> A <strong>lock</strong> ( <span class="icon-lock"> <svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewbox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-title banner-lock-description" focusable="false"> <title id="banner-lock-title">Lock</title> <desc id="banner-lock-description">A locked padlock</desc><path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"/></svg> </span> ) or <strong>https://</strong> means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites. </p> </div> </div> </div> </div> </div> </section>  <div data-elastic-exclude>  <div class="nist-print-header" style="display:none;"> <p class="nist-print-header__url">https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework</p> <img class="nist-print-header__logo" width="289" height="38" src="/web/20230924034600im_/https://www.nist.gov/libraries/nist-component-library/dist/img/logo/nist_logo_sidestack.svg" alt="National Institute of Standards and Technology"/> </div> <div class="usa-overlay"></div> <header class="usa-header nist-header--www nist-header--minimal" role="banner"> <div class="usa-navbar"> <div class="usa-logo flex-fill"> <a href="/web/20230924034600/https://www.nist.gov/" title="National Institute of Standards and Technology" aria-label="Home"> <img src="/web/20230924034600im_/https://www.nist.gov/libraries/nist-component-library/dist/img/logo/logo.svg" alt="National Institute of Standards and Technology" width="300px" height="80px"/> </a> </div> <div class="usa-header__right grid-row flex-auto"> <div class="grid-col-fill nist-header__search-group"> <form class="usa-search usa-search--small" accept-charset="UTF-8" action="/web/20230924034600/https://www.nist.gov/search" id="search_form" method="get"> <div role="search"> <label class="usa-sr-only" for="search-form">Search NIST</label> <input class="usa-input" id="search-form" type="search" name="s" placeholder="Search NIST" required="" maxlength="128"> <button class="usa-button" type="submit"><img src="/web/20230924034600im_/https://www.nist.gov/libraries/nist-component-library/dist/img/usa-icons-bg/search--white.svg" class="usa-search__submit-icon" alt="Search"></button> </div> </form> </div> <div class="grid-col-auto padding-left-1"> <button class="usa-menu-btn">Menu</button> </div> </div> </div> <nav aria-label="Primary navigation" class="usa-nav"> <div class="usa-nav__inner"> <button class="usa-nav__close">Close</button> <ul class="usa-nav__primary usa-accordion"> <li class="usa-nav__primary-item"> <button class="usa-accordion__button usa-nav__link" aria-expanded="false" aria-controls="primary_menu-1"><span>Topics</span></button> <div id="primary_menu-1" class="usa-nav__submenu usa-megamenu"> <div class="grid-row"> <div class="tablet:grid-col-fill"><ul class="usa-nav__submenu-list"> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/topics" class="usa-nav__link">All Topics</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/advanced-communications" class="usa-nav__link">Advanced communications</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/artificial-intelligence" class="usa-nav__link">Artificial intelligence</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/bioscience" class="usa-nav__link">Bioscience</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/buildings-construction" class="usa-nav__link">Buildings and construction</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/chemistry" class="usa-nav__link">Chemistry</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/climate" class="usa-nav__link">Climate</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/cybersecurity" class="usa-nav__link">Cybersecurity</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/electronics" class="usa-nav__link">Electronics</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/energy" class="usa-nav__link">Energy</a> </li> </ul></div><div class="column-break tablet:grid-col-fill"><ul class="usa-nav__submenu-list"> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/environment" class="usa-nav__link">Environment</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/fire" class="usa-nav__link">Fire</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/forensic-science" class="usa-nav__link">Forensic science</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/health" class="usa-nav__link">Health</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/information-technology" class="usa-nav__link">Information technology</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/infrastructure" class="usa-nav__link">Infrastructure</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/manufacturing" class="usa-nav__link">Manufacturing</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/materials" class="usa-nav__link">Materials</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/mathematics-statistics" class="usa-nav__link">Mathematics and statistics</a> </li> </ul></div><div class="column-break tablet:grid-col-fill"><ul class="usa-nav__submenu-list"> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/metrology" class="usa-nav__link">Metrology</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/nanotechnology" class="usa-nav__link">Nanotechnology</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/neutron-research" class="usa-nav__link">Neutron research</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/performance-excellence" class="usa-nav__link">Performance excellence</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/physics" class="usa-nav__link">Physics</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/public-safety" class="usa-nav__link">Public safety</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/resilience" class="usa-nav__link">Resilience</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/standards" class="usa-nav__link">Standards</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/transportation" class="usa-nav__link">Transportation</a> </li> </ul> </div> </div> </div> </li> <li class="usa-nav__primary-item"> <a class="usa-nav__link" href="/web/20230924034600/https://www.nist.gov/publications">Publications</a> </li> <li class="usa-nav__primary-item"> <button class="usa-accordion__button usa-nav__link" aria-expanded="false" aria-controls="primary_menu-3"><span>Labs & Major Programs</span></button> <div id="primary_menu-3" class="usa-nav__submenu usa-megamenu"> <div class="grid-row"> <div class="tablet:grid-col-fill"><ul class="usa-nav__submenu-list"> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/labs-major-programs/laboratories" class="usa-nav__link">Laboratories</a> <ul class="usa-nav__submenu-list"> <li> <a href="/web/20230924034600/https://www.nist.gov/ctl" class="usa-nav__link">Communications Technology Laboratory</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/el" class="usa-nav__link">Engineering Laboratory</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/itl" class="usa-nav__link">Information Technology Laboratory</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/mml" class="usa-nav__link">Material Measurement Laboratory</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/pml" class="usa-nav__link">Physical Measurement Laboratory</a> </li> </ul> </li> </ul></div><div class="column-break tablet:grid-col-fill"><ul class="usa-nav__submenu-list"> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/labs-major-programs/user-facilities" class="usa-nav__link">User Facilities</a> <ul class="usa-nav__submenu-list"> <li> <a href="/web/20230924034600/https://www.nist.gov/ncnr" class="usa-nav__link">NIST Center for Neutron Research</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/cnst" class="usa-nav__link">CNST NanoFab</a> </li> </ul> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/labs-major-programs/research-test-beds" class="usa-nav__link">Research Test Beds</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/laboratories/projects-programs" class="usa-nav__link">Research Projects</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/laboratories/tools-instruments" class="usa-nav__link">Tools & Instruments</a> </li> </ul></div><div class="column-break tablet:grid-col-fill"><ul class="usa-nav__submenu-list"> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/labs-major-programs/major-programs" class="usa-nav__link">Major Programs</a> <ul class="usa-nav__submenu-list"> <li> <a href="/web/20230924034600/https://www.nist.gov/baldrige" class="usa-nav__link">Baldrige Performance Excellence Program</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/chips" class="usa-nav__link">CHIPS for America Initiative</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/mep" class="usa-nav__link">Manufacturing Extension Partnership (MEP)</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/oam" class="usa-nav__link">Office of Advanced Manufacturing</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/spo" class="usa-nav__link">Special Programs Office</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/tpo" class="usa-nav__link">Technology Partnerships Office</a> </li> </ul> </li> </ul> </div> </div> </div> </li> <li class="usa-nav__primary-item"> <button class="usa-accordion__button usa-nav__link" aria-expanded="false" aria-controls="primary_menu-4"><span>Services & Resources</span></button> <div id="primary_menu-4" class="usa-nav__submenu usa-megamenu"> <div class="grid-row"> <div class="tablet:grid-col-fill"><ul class="usa-nav__submenu-list"> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/services-resources/standards-and-measurements" class="usa-nav__link">Standards and Measurements</a> <ul class="usa-nav__submenu-list"> <li> <a href="/web/20230924034600/https://www.nist.gov/calibrations" class="usa-nav__link">Calibration Services</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/nvlap" class="usa-nav__link">Laboratory Accreditation (NVLAP)</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/nist-quality-system" class="usa-nav__link">Quality System</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/srm" class="usa-nav__link">Standard Reference Materials (SRMs)</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/standardsgov" class="usa-nav__link">Standards.gov</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/pml/time-and-frequency-division/time-services" class="usa-nav__link">Time Services</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/pml/owm" class="usa-nav__link">Office of Weights and Measures</a> </li> </ul> </li> </ul></div><div class="column-break tablet:grid-col-fill"><ul class="usa-nav__submenu-list"> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/services-resources/software" class="usa-nav__link">Software</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/data" class="usa-nav__link">Data</a> <ul class="usa-nav__submenu-list"> <li> <a href="https://web.archive.org/web/20230924034600/https://webbook.nist.gov/chemistry/" class="usa-nav__link">Chemistry WebBook</a> </li> <li> <a href="https://web.archive.org/web/20230924034600/https://nvd.nist.gov/" class="usa-nav__link">National Vulnerability Database</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/pml/productsservices/physical-reference-data" class="usa-nav__link">Physical Reference Data</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/srd" class="usa-nav__link">Standard Reference Data (SRD)</a> </li> </ul> </li> <li class="usa-nav__submenu-item"> <a href="https://web.archive.org/web/20230924034600/https://www.nist.gov/shop" class="usa-nav__link">Storefront</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/tpo" class="usa-nav__link">License & Patents</a> </li> </ul></div><div class="column-break tablet:grid-col-fill"><ul class="usa-nav__submenu-list"> <li class="usa-nav__submenu-item"> <a href="https://web.archive.org/web/20230924034600/https://csrc.nist.gov/" class="usa-nav__link">Computer Security Resource Center (CSRC)</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/nist-research-library" class="usa-nav__link">NIST Research Library</a> </li> </ul> </div> </div> </div> </li> <li class="usa-nav__primary-item"> <button class="usa-accordion__button usa-nav__link" aria-expanded="false" aria-controls="primary_menu-5"><span>News & Events</span></button> <div id="primary_menu-5" class="usa-nav__submenu usa-megamenu"> <div class="grid-row"> <div class="tablet:grid-col-fill"><ul class="usa-nav__submenu-list"> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/news-events/news" class="usa-nav__link">News</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/news-events/events" class="usa-nav__link">Events</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/blogs" class="usa-nav__link">Blogs</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/feature-stories" class="usa-nav__link">Feature Stories</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/awards" class="usa-nav__link">Awards</a> </li> </ul></div><div class="column-break tablet:grid-col-fill"><ul class="usa-nav__submenu-list"> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/video-gallery" class="usa-nav__link">Video Gallery</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/image-gallery" class="usa-nav__link">Image Gallery</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/pao/media-contacts" class="usa-nav__link">Media Contacts</a> </li> </ul> </div> </div> </div> </li> <li class="usa-nav__primary-item"> <button class="usa-accordion__button usa-nav__link" aria-expanded="false" aria-controls="primary_menu-6"><span>About NIST</span></button> <div id="primary_menu-6" class="usa-nav__submenu usa-megamenu"> <div class="grid-row"> <div class="tablet:grid-col-fill"><ul class="usa-nav__submenu-list"> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/about-nist" class="usa-nav__link">About Us</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/about-nist/contact-us" class="usa-nav__link">Contact Us</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/about-nist/visit" class="usa-nav__link">Visit</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/careers" class="usa-nav__link">Careers</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/director/nist-organization-structure" class="usa-nav__link">Our Organization</a> <ul class="usa-nav__submenu-list"> <li> <a href="/web/20230924034600/https://www.nist.gov/director" class="usa-nav__link">Office of the Director</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/director/nist-organization-structure/budget-planning" class="usa-nav__link">Budget & Planning</a> </li> </ul> </li> </ul></div><div class="column-break tablet:grid-col-fill"><ul class="usa-nav__submenu-list"> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/about-nist/work-nist" class="usa-nav__link">Work with NIST</a> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/history" class="usa-nav__link">History</a> <ul class="usa-nav__submenu-list"> <li> <a href="https://web.archive.org/web/20230924034600/http://nistdigitalarchives.contentdm.oclc.org/" class="usa-nav__link">NIST Digital Archives</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/nist-museum" class="usa-nav__link">NIST Museum</a> </li> <li> <a href="/web/20230924034600/https://www.nist.gov/nist-and-nobel" class="usa-nav__link">NIST and the Nobel</a> </li> </ul> </li> <li class="usa-nav__submenu-item"> <a href="/web/20230924034600/https://www.nist.gov/education" class="usa-nav__link">Educational Resources</a> </li> </ul> </div> </div> </div> </li> </ul> </div> </nav> </header>  </div> <div class="grid-container"> <div data-drupal-messages-fallback class="hidden"></div> </div> <div id="block-nist-www-content" class="nist-block"> <section class="nist-page__content usa-section clearfix"> <a id="main-content" tabindex="-1"></a> <div class="grid-container margin-top-4"> <div class="nist-page__region nist-page__region--content-top"> <div class="nist-block"> <div> <a class="usa-button usa-button--accent-cool" href="/web/20230924034600/https://www.nist.gov/news-events/news">NEWS</a> </div> </div> <div class="nist-block"> <h1 class="nist-page__title">NIST Drafts Major Update to Its Widely Used Cybersecurity Framework</h1> </div> <div class="nist-block"> <h3>NIST has revised the framework to help benefit all sectors, not just critical infrastructure.</h3> </div> <div class="nist-block"> <div class="font-heading-md"><time datetime="2023-08-08T12:00:00Z">August 08, 2023</time> </div> </div> <div class="nist-block">  <div data-elastic-exclude class="nist-block nist-social__wrapper"> <h2 class="nist-social__title">Share</h2> <div class="social-media-sharing"> <div class="nist-social__wrapper--share"> <div> <a target="_blank" rel="noopener" href="https://web.archive.org/web/20230924034600/https://www.facebook.com/share.php?u=https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework" title="Facebook" class="nist-social nist-social--facebook-gray"> <span>Facebook</span> </a> </div> <div> <a target="_blank" rel="noopener" href="https://web.archive.org/web/20230924034600/https://www.linkedin.com/shareArticle?mini=true&url=https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework&source=https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework" title="Linkedin" class="nist-social nist-social--linkedin-gray"> <span>Linkedin</span> </a> </div> <div> <a target="_blank" rel="noopener" href="https://web.archive.org/web/20230924034600/https://twitter.com/intent/tweet?url=https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework&status=https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework" title="Twitter" class="nist-social nist-social--twitter-gray"> <span>Twitter</span> </a> </div> <div> <a href="https://web.archive.org/web/20230924034600/mailto:/?subject=NIST.gov&body=Check out this site https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework" title="Email" class="nist-social nist-social--envelope-gray"> <span>Email</span> </a> </div> </div> </div> </div>  </div> </div> </div> <div class="grid-container margin-top-4"> <div class="grid-row grid-gap-6"> <div class="nist-page__region nist-page__region--content tablet-lg:grid-col-8"> <div class="nist-block"> <div class="text-with-summary"> <figure class="align-right nist-image--lightbox nist-image" data-lightbox="https://www.nist.gov/sites/default/files/styles/2800_x_2800_limit/public/images/2023/08/07/CSF-wheel-revamp-final-white.png?itok=4Vdui88Q" data-media-id="682871"><img alt="NIST Cybersecurity Framework wheel graphic has external sections labeled Identify, Protect, Detect, Respond and Recover; internal circle is labeled Govern. " height="463" loading="lazy" src="/web/20230924034600im_/https://www.nist.gov/sites/default/files/styles/480_x_480_limit/public/images/2023/08/07/CSF-wheel-revamp-final-white.png?itok=sAvbpAsH" typeof="foaf:Image" width="480"><figcaption class="nist-image__caption"><div class="nist-image__caption-content" data-caption-editable="true"> To the five main pillars of a successful cybersecurity program, NIST now has added a sixth, the "govern" function, which emphasizes that cybersecurity is a major source of enterprise risk and a consideration for senior leadership. </div> <div class="nist-image__credit"> <span class="nist-image__credit-label">Credit:</span> N. Hanacek/NIST </div> </figcaption></figure><p>The world’s leading cybersecurity guidance is getting its first complete makeover since its release nearly a decade ago. </p> <p>After considering more than a year’s worth of community feedback, the National Institute of Standards and Technology (NIST) has released a draft version of the <a href="https://web.archive.org/web/20230924034600/https://csrc.nist.gov/pubs/cswp/29/the-nist-cybersecurity-framework-20/ipd">Cybersecurity Framework (CSF) 2.0</a>, a new version of a tool it first released in 2014 to help organizations understand, reduce and communicate about cybersecurity risk. The draft update, which NIST has released for public comment, reflects changes in the cybersecurity landscape and makes it easier to put the CSF into practice — for all organizations. </p> <p>“With this update, we are trying to reflect current usage of the Cybersecurity Framework, and to anticipate future usage as well,” said NIST’s Cherilyn Pascoe, the framework’s lead developer. “The CSF was developed for critical infrastructure like the banking and energy industries, but it has proved useful everywhere from schools and small businesses to local and foreign governments. We want to make sure that it is a tool that’s useful to all sectors, not just those designated as critical.”</p> <p>NIST is accepting public comment on the draft framework until Nov. 4, 2023. NIST does not plan to release another draft. A workshop planned for the fall will be announced shortly and will serve as another opportunity for the public to provide feedback and comments on the draft. The developers plan to publish the final version of CSF 2.0 in early 2024. </p> <p>The CSF provides high-level guidance, including a common language and a systematic methodology for managing cybersecurity risk across sectors and aiding communication between technical and nontechnical staff. It includes activities that can be incorporated into cybersecurity programs and tailored to meet an organization’s particular needs. In the decade since it was first published, the CSF has been downloaded more than two million times by users across more than 185 countries and has been translated into at least nine languages.</p> <p>While responses to NIST’s February 2022 <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="c57860fb-f6d3-466b-89e6-3839d006af87" href="/web/20230924034600/https://www.nist.gov/news-events/news/2022/02/nist-seeks-input-update-cybersecurity-framework-supply-chain-guidance" title="NIST Seeks Input to Update Cybersecurity Framework, Supply Chain Guidance">request for information</a> about the CSF indicated that the framework remains an effective tool for reducing cybersecurity risk, <a data-entity-substitution="canonical" data-entity-type="media" data-entity-uuid="00cffb2f-bf4d-43cf-9129-da19a32b6c6a" href="/web/20230924034600/https://www.nist.gov/document/initial-summary-analysis-responses-request-information-rfi-evalu-ating-and-improving" title="Initial Summary Analysis of Responses to the Request for Information (RFI) Evalu ating and Improving Cybersecurity Resources: The Cybersecurity Framework and Cyb ersecurity Supply Chain Risk Management" class="media-link-ga " data-file-url="/system/files/documents/2022/06/03/NIST-Cybersecurity-RFI-Summary-Analysis-Final.pdf">many respondents also suggested</a> that an update could help users adjust to technological innovation as well as a rapidly evolving threat landscape. </p> <p>“Many commenters said that we should maintain and build on the key attributes of the CSF, including its flexible and voluntary nature,” Pascoe said. “At the same time, a lot of them requested more guidance on implementing the CSF and making sure it could address emerging cybersecurity issues, such as supply chain risks and the widespread threat of ransomware. Because these issues affect lots of organizations, including small businesses, we realized we had to up our game.”</p> <p>The CSF 2.0 draft reflects a number of major changes, including: </p> <ul><li>The framework’s scope has expanded — explicitly — from protecting critical infrastructure, such as hospitals and power plants, to providing cybersecurity for all organizations regardless of type or size. This difference is reflected in the CSF’s official title, which has changed to “The Cybersecurity Framework,” its colloquial name, from the more limiting “Framework for Improving Critical Infrastructure Cybersecurity.” </li> <li>Until now, the CSF has described the main pillars of a successful and holistic cybersecurity program using <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="a4ff41a3-7629-4b70-b5b0-0853e75298c4" href="/web/20230924034600/https://www.nist.gov/cyberframework/online-learning/five-functions" title="The Five Functions">five main functions</a>: identify, protect, detect, respond and recover. To these, NIST now has added a sixth, the govern function, which covers how an organization can make and execute its own internal decisions to support its cybersecurity strategy. It emphasizes that cybersecurity is a major source of enterprise risk, ranking alongside legal, financial and other risks as considerations for senior leadership. </li> <li>The draft provides improved and expanded guidance on implementing the CSF, especially for creating <a data-entity-substitution="canonical" data-entity-type="node" data-entity-uuid="a212b688-a480-43a2-950e-c72da62c8e37" href="/web/20230924034600/https://www.nist.gov/cyberframework/examples-framework-profiles" title="Examples of Framework Profiles">profiles</a>, which tailor the CSF for particular situations. The cybersecurity community has requested assistance in using it for specific economic sectors and use cases, where profiles can help. Importantly, the draft now includes implementation examples for each function’s subcategories to help organizations, especially smaller firms, to use the framework effectively.</li> </ul><p>A major goal of CSF 2.0 is to explain how organizations can leverage other technology frameworks, standards and guidelines, from NIST and elsewhere, to implement the CSF. Bolstering this last effort is the launch of the <a href="https://web.archive.org/web/20230924034600/https://csrc.nist.gov/Projects/Cybersecurity-Framework/Filters#/csf/filters">CSF 2.0 Reference Tool</a>. This online resource allows users to browse, search and export the <a href="https://web.archive.org/web/20230924034600/https://csrc.nist.gov/pubs/other/2023/04/24/discussion-draft-of-the-nist-csf-20-core/iprd">CSF Core</a> data in human-consumable and machine-readable formats. In the future, this tool will provide “Informative References” to show the relationships between the CSF and other resources to make it easier to use the framework together with other guidance to manage cybersecurity risk.</p> <p>Pascoe said the development team is encouraging anyone with recommendations about the updated CSF to respond with comments by the Nov. 4 deadline. </p> <p>“This is an opportunity for users to weigh in on the draft of CSF 2.0,” she said. “Now is the time to get involved if you’re not already.”</p> <p><em>Editor’s note (Aug. 23, 2023): This news story has been updated to reflect the fact that the CSF 2.0 Reference Tool, originally mentioned as an upcoming feature, is now available. </em><br> </p> </div> </div> <div class="nist-block">  <div data-elastic-exclude="" class="nist-tags"> <a href="/web/20230924034600/https://www.nist.gov/topic-terms/information-technology" hreflang="en">Information technology</a> and <a href="/web/20230924034600/https://www.nist.gov/topic-terms/cybersecurity" hreflang="en">Cybersecurity</a></div>  </div> </div> <aside class="nist-page__region nist-page__region--sidebar-second tablet-lg:grid-col-4"> <div> <div class="nist-block nist-block--no-margin">  <div role="article" about="/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework" typeof="schema:Article" data-elastic-exclude="" class="nist-block nist-block--contact"> <h2 class="nist-block__title">Media Contact</h2> <span property="schema:name" content="NIST Drafts Major Update to Its Widely Used Cybersecurity Framework" class="hidden"></span> <div class="nist-contact"> <ul class="nist-contact__items"> <li role="article" about="/people/chad-boutin" class="nist-contact__item"> <div class="nist-contact__name"><a href="/web/20230924034600/https://www.nist.gov/people/chad-boutin" title="View staff profile page">Chad Boutin</a></div> <div> <a href="https://web.archive.org/web/20230924034600/mailto:charles.boutin@nist.gov">charles.boutin@nist.gov</a> </div> <div> (301) 975-4261 </div> </li> </ul> </div> </div>  </div>  <div class="views-element-container nist-block nist-block--org" data-elastic-exclude=""> <h2 class="nist-block__title">Organizations</h2> <div><div class="js-view-dom-id-414735ea467c411718acc2f20142f7307c35aeaac5d6faab60f5f56988f7f228"> <div class="nist-related-orgs"><div class="term-tree-list"> <ul class="term"><li><a href="/web/20230924034600/https://www.nist.gov/nist-organizations/nist-headquarters" class="selected" hreflang="en">NIST Headquarters</a></li><li><ul class="term"><li><a href="/web/20230924034600/https://www.nist.gov/nist-organizations/nist-headquarters/laboratory-programs" class="selected" hreflang="en">Laboratory Programs</a></li><li><ul class="term"><li><a href="/web/20230924034600/https://www.nist.gov/nist-organizations/nist-headquarters/laboratory-programs/information-technology-laboratory" class="selected" hreflang="en">Information Technology Laboratory</a></li><li><ul class="term"><li><a href="/web/20230924034600/https://www.nist.gov/nist-organizations/nist-headquarters/laboratory-programs/information-technology-laboratory/applied-5" class="selected" hreflang="en">Applied Cybersecurity Division</a></li><li><ul class="term"><li><a href="/web/20230924034600/https://www.nist.gov/nist-organizations/nist-headquarters/laboratory-programs/information-technology-laboratory/applied-6" class="selected" hreflang="en">Applied Cybersecurity - HQ</a></li></ul></li></ul></li></ul></li></ul></li></ul> </div> </div> <div class="nist-related-orgs"></div> <div class="nist-related-orgs"></div> <div class="nist-related-orgs"></div> <div class="nist-related-orgs"></div> </div> </div> </div>  <div class="nist-block"> <h2 class="nist-block__title">Related Links</h2> <div class="nist-field nist-field--label-hidden nist-field--link-list link"> <div class="nist-field__items"> <div class="nist-field__item"><a href="https://web.archive.org/web/20230924034600/https://csrc.nist.gov/pubs/cswp/29/the-nist-cybersecurity-framework-20/ipd">Draft Cybersecurity Framework 2.0</a></div> </div> </div> </div>  <div data-elastic-exclude="" class="nist-block no-print"> <h2 class="nist-block__title">Sign up for updates from NIST</h2> <div class="nist-subscribe-form"> <form class="usa-form" action="https://web.archive.org/web/20230924034600/https://public.govdelivery.com/accounts/USNIST/subscribers/qualify" method="post"> <input type="hidden" name="topic_id" id="topic_id" value="USNIST"/> <label class="usa-label" for="email">Enter Email Address</label> <input class="usa-input" id="email" name="email" onfocus="this.value=" ' title="email" type="text"/> <input class="usa-button" id="signupbutton" name="signupbutton" type="submit" value="Sign up"/> </form> </div> </div>  </div> </aside> </div> </div> <div class="grid-container"> <div class="nist-page__region nist-page__region--content-bottom"> <div class="nist-block"> <div class="text-italic font-sans-2xs"> Released August 8, 2023, Updated August 23, 2023 </div> </div> </div> </div> </section> </div> <div data-elastic-exclude>  <footer class="nist-footer padding-bottom-4"> <div class="grid-container nist-footer__info"> <div class="grid-row"> <div class="tablet:grid-col-6"> <div class="nist-footer__logo"> <a href="/web/20230924034600/https://www.nist.gov/" title="National Institute of Standards and Technology" rel="home"> <img class="nist-footer__logo-img" src="/web/20230924034600im_/https://www.nist.gov/libraries/nist-component-library/dist/img/logo/NIST-Logo-Brand-White.svg" alt="National Institute of Standards and Technology logo" width="300px" height="42px"/> </a> </div> <div class="nist-footer__contact"> <h3 class="nist-footer__contact-heading">HEADQUARTERS</h3> <address> 100 Bureau Drive<br> Gaithersburg, MD 20899<br> <a href="https://web.archive.org/web/20230924034600/tel:301-975-2000">301-975-2000</a> </address> <p> <a href="https://web.archive.org/web/20230924034600/mailto:do-webmaster@nist.gov">Webmaster</a> | <a href="https://web.archive.org/web/20230924034600/https://www.nist.gov/about-nist/contact-us">Contact Us</a> | <a href="https://web.archive.org/web/20230924034600/https://www.nist.gov/visit">Our Other Offices</a> </p> </div> </div> <div class="tablet:grid-col-6"> <div class="nist-footer__social-links"> <a class="nist-social nist-social--twitter-white" href="https://web.archive.org/web/20230924034600/https://twitter.com/NIST"> <span>Twitter</span> </a> <a class="nist-social nist-social--facebook-white" href="https://web.archive.org/web/20230924034600/https://www.facebook.com/NIST"> <span>Facebook</span> </a> <a class="nist-social nist-social--linkedin-white" href="https://web.archive.org/web/20230924034600/https://www.linkedin.com/company/nist"> <span>LinkedIn</span> </a> <a class="nist-social nist-social--instagram-white" href="https://web.archive.org/web/20230924034600/https://www.instagram.com/nist/"> <span>Instagram</span> </a> <a class="nist-social nist-social--youtube-white" href="https://web.archive.org/web/20230924034600/https://www.youtube.com/NIST"> <span>YouTube</span> </a> <a class="nist-social nist-social--giphy-white" href="https://web.archive.org/web/20230924034600/https://giphy.com/nist"> <span>Giphy</span> </a> <a class="nist-social nist-social--rss-white" href="https://web.archive.org/web/20230924034600/https://www.nist.gov/news-events/nist-rss-feeds"> <span>RSS Feed</span> </a> <a class="nist-social nist-social--envelope-white" href="https://web.archive.org/web/20230924034600/https://public.govdelivery.com/accounts/USNIST/subscriber/new"> <span>Mailing List</span> </a> </div> <div class="nist-footer__feedback"> How are we doing? <a class="usa-button" rel="nofollow" href="/web/20230924034600/https://www.nist.gov/form/nist-gov-feedback?destination=/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework" title="Provide feedback">Feedback</a> </div> </div> </div> </div> <div class="grid-container"> <div class="nist-footer__nav" role="navigation"> <ul> <li class="nist-footer__menu-item"> <a href="https://web.archive.org/web/20230924034600/https://www.nist.gov/privacy-policy">Site Privacy</a> </li> <li class="nist-footer__menu-item"> <a href="https://web.archive.org/web/20230924034600/https://www.nist.gov/oism/accessibility">Accessibility</a> </li> <li class="nist-footer__menu-item"> <a href="https://web.archive.org/web/20230924034600/https://www.nist.gov/privacy">Privacy Program</a> </li> <li class="nist-footer__menu-item"> <a href="https://web.archive.org/web/20230924034600/https://www.nist.gov/oism/copyrights">Copyrights</a> </li> <li class="nist-footer__menu-item"> <a href="https://web.archive.org/web/20230924034600/https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a> </li> <li class="nist-footer__menu-item"> <a href="https://web.archive.org/web/20230924034600/https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a> </li> <li class="nist-footer__menu-item"> <a href="https://web.archive.org/web/20230924034600/https://www.nist.gov/office-director/freedom-information-act">FOIA</a> </li> <li class="nist-footer__menu-item"> <a href="https://web.archive.org/web/20230924034600/https://www.nist.gov/environmental-policy-statement">Environmental Policy</a> </li> <li class="nist-footer__menu-item"> <a href="https://web.archive.org/web/20230924034600/https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a> </li> <li class="nist-footer__menu-item"> <a href="https://web.archive.org/web/20230924034600/https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a> </li> <li class="nist-footer__menu-item"> <a href="https://web.archive.org/web/20230924034600/https://www.commerce.gov/">Commerce.gov</a> </li> <li class="nist-footer__menu-item"> <a href="https://web.archive.org/web/20230924034600/http://www.science.gov/">Science.gov</a> </li> <li class="nist-footer__menu-item"> <a href="https://web.archive.org/web/20230924034600/http://www.usa.gov/">USA.gov</a> </li> <li class="nist-footer__menu-item"> <a href="https://web.archive.org/web/20230924034600/https://vote.gov/">Vote.gov</a> </li> </ul> </div> </div> </footer>  </div> </div> <script type="application/json" data-drupal-selector="drupal-settings-json">{"path":{"baseUrl":"\/","scriptPath":null,"pathPrefix":"","currentPath":"node\/1821011","currentPathIsAdmin":false,"isFront":false,"currentLanguage":"en"},"pluralDelimiter":"\u0003","suppressDeprecationErrors":true,"back_to_top":{"back_to_top_button_trigger":100,"back_to_top_prevent_on_mobile":false,"back_to_top_prevent_in_admin":true,"back_to_top_button_type":"image","back_to_top_button_text":"Back to top"},"google_analytics":{"account":"G-HEQ0YF2VYL","trackOutbound":true,"trackMailto":true,"trackTel":true,"trackDownload":true,"trackDownloadExtensions":"7z|aac|arc|arj|asf|asx|avi|bin|bsh|c|csv|doc(x|m)?|dot(x|m)?|dw(fx|g|gd)|dxf|eps|epub|exe|f(90)|flv|gif|gz|gzip|hqx|jar|jpe?g|js|m1v|mp(2|3|4|e?g)|mobi|mov(ie)?|msi|msp|pdf|phps|pl|png|ppt(x|m)?|pot(x|m)?|pps(x|m)?|ppam|sld(x|m)?|thmx|qtm?|ra(m|r)?|rfa|rtf|rvt|sch|sea|sit|swf|tar|tgz|tif|txt|txz|wav|wma|wmv|wpd|wrl|xls(x|m|b)?|xlt(x|m)|xlam|xml|xsd|z|zip"},"nist_search":{"clickTracking":"search-report-click","isDebug":false,"clickTrackEnabled":true,"message":"NIST Search in debug mode. Check the browsers network inspector for Click Track reporting results..."},"data":{"extlink":{"extTarget":false,"extTargetNoOverride":false,"extNofollow":false,"extNoreferrer":false,"extFollowNoOverride":false,"extClass":"ext","extLabel":"(link is external)","extImgClass":false,"extSubdomains":true,"extExclude":"\\.gov\\\/|\\.mil\\\/|\\manufacturingusa\\.com\\\/","extInclude":"","extCssExclude":"","extCssExplicit":"","extAlert":true,"extAlertText":"Thank you for visiting NIST. We hope your visit was informative. We have provided a link to this site because it has information that may be of interest to our users. NIST does not necessarily endorse the views expressed or the facts presented on this site. Further, NIST does not endorse any commercial products that may be advertised or available on this site. Click OK to be directed to your link.","mailtoClass":"0","mailtoLabel":"(link sends email)","extUseFontAwesome":false,"extIconPlacement":"append","extFaLinkClasses":"fa fa-external-link","extFaMailtoClasses":"fa fa-envelope-o","whitelistedDomains":[]}},"user":{"uid":0,"permissionsHash":"582eea317b4636ab5a0dffc8c6a006df3d6901ea5610498a0bbefc925ea1da0f"}}</script> <script src="/web/20230924034600js_/https://www.nist.gov/sites/default/files/js/js_vUzvThvSSVoHTSCkBCQkydhdsfaK1XKjKqS_Be_Zm8E.js"></script> <script src="https://web.archive.org/web/20230924034600js_/https://siteimproveanalytics.com/js/siteanalyze_6017546.js" async></script> <script src="/web/20230924034600js_/https://www.nist.gov/sites/default/files/js/js_uN7jYNGlFZgY-9ZBoc58oA3zqhC5zZ32LippU508ZTw.js"></script> <script type="text/javascript">window.NREUM||(NREUM={});NREUM.info={"beacon":"gov-bam.nr-data.net","licenseKey":"37b7ccb661","applicationID":"1089704227","transactionName":"YFxUN0sADEdYVkBaClkWdwBNCA1aFkVVVABoWlcAUQQ=","queueTime":5,"applicationTime":43,"atts":"TBtXQQMaH0k=","errorBeacon":"gov-bam.nr-data.net","agent":""}</script></body> </html>

CINXE.COM

NIST Drafts Major Update to Its Widely Used Cybersecurity Framework | NIST