One Year of NIST Cybersecurity Framework (CSF) 2.0: What’s New and What’s Next?

Credit: NIST

Source: nist.gov

It’s been a full year since the launch of NIST Cybersecurity Framework (CSF) 2.0! Over the past year, NIST has continued to expand resources to help organizations enhance their security posture. In this update, we will:

  • Introduce new CSF 2.0 resources

  • Revisit key tools and applications you may have missed

  • Highlight ways you can stay engaged in improving cybersecurity

NIST experts have worked extensively to provide guidance that supports cybersecurity professionals across industries. Your feedback and collaboration are vital in refining and promoting the CSF, and we appreciate everyone who has contributed by implementing the framework, sharing insights, or advocating for stronger cybersecurity practices.

What’s New in 2025?

Tailored Resources for CSF 2.0 Implementation

To make cybersecurity adoption even more accessible, new resources now offer customized guidance for different audiences, ensuring a more streamlined approach to risk management.

Strengthening Cybersecurity Governance

A major enhancement in CSF 2.0 is its emphasis on cybersecurity governance—aligning cybersecurity efforts with Enterprise Risk Management (ERM). NIST has updated key publications in the IR 8286 series to better reflect this integration. Three of these documents are currently open for public comment until April 14, 2025:

  • NIST IR 8286 – Integrating Cybersecurity and Enterprise Risk Management

  • NIST IR 8286A – Identifying and Estimating Cybersecurity Risk for ERM

  • NIST IR 8286C – Staging Cybersecurity Risks for ERM and Governance Oversight

Additionally, recent updates to NIST IR 8286B and NIST IR 8286D provide insights into prioritizing cybersecurity risks and using business impact analysis for better decision-making.

Simplifying Cross-Framework Implementation

For cybersecurity practitioners working with multiple NIST frameworks, new mapping tools have been introduced:

  • A draft mapping of NIST SP 800-37 (Risk Management Framework) to CSF 2.0, aligning risk management efforts with FISMA requirements.

  • A mapping of the NICE Workforce Framework (SP 800-181 rev. 1) to CSF 2.0, helping organizations connect cybersecurity workforce planning with framework implementation.

Tackling Ransomware with CSF 2.0

Ransomware remains a persistent threat, affecting organizations of all sizes. To strengthen ransomware preparedness, NIST has released a draft of NIST IR 8374 Revision 1, which provides a CSF 2.0 Community Profile for ransomware risk management. Public comments are open until March 14, 2025.

Expanding Global Cybersecurity Adoption

Recognizing the global impact of CSF 2.0, NIST has translated additional resources into multiple languages, including French, Portuguese, and Spanish, with more translations on the way. This effort enhances international cybersecurity cooperation and supports businesses worldwide.

Looking Back: CSF 2.0’s Impact in the Past Year

Since its release on February 26, 2024, CSF 2.0 has played a crucial role in enhancing cybersecurity across industries. Key milestones include:

  • Launching a comprehensive set of implementation resources to guide organizations in using CSF 2.0 effectively.

  • Establishing the NIST Frameworks Resource Page, which provides guidance on creating Community Profiles for various sectors, such as finance and telecommunications.

  • Introducing the CSF 2.0 Small Business Cybersecurity Corner, a dedicated space for small businesses to access tailored cybersecurity resources.

  • Expanding CSF 2.0 resources through new videos, quick-start guides, and mapping tools during National Cybersecurity Awareness Month in October 2024.

  • Achieving record engagement—CSF 2.0 became the most downloaded NIST publication, outpacing over 20,000 other resources.

  • Strengthening international adoption with 15 translated resources in languages such as German, Korean, and Polish.

  • Earning recognition—NIST received the Ecosystem Champion Award at the Cyber Policy Awards for its contributions to the cybersecurity landscape.

Moving Forward

As CSF 2.0 continues to evolve, NIST remains committed to supporting organizations in enhancing their cybersecurity strategies. Whether you're just starting with CSF 2.0 or looking to deepen your implementation, there are resources, tools, and community engagement opportunities available to help you succeed.
