PSC Seeks Member Input on NIST Cyber Framework 2.0

Published 1/20/2023

On January 19, 2023, the National Institutes of Standards and Technology (NIST) requested comments on a Concept Paper for its Cybersecurity Framework (CSF) 2.0, which builds on previous guidance to help organizations understand, manage, reduce, and communicate cybersecurity risks. The Concept Paper outlines potential changes to CSF 2.0 and reflects public feedback in 2022 (read PSC’s April 2022 comments here). NIST seeks additional input by March 3, 2023, in support of releasing a draft CSF 2.0 later this year. 

Specifically, NIST seeks feedback on the following questions:
-Do the proposed changes reflect the current cybersecurity landscape (standards, risks, and technologies)?
-Are the proposed changes sufficient and appropriate? Are there other elements that should be considered under each area? 
-Do the proposed changes support different use cases in various sectors, types, and sizes of organizations (and with varied capabilities, resources, and technologies)?
-Are there additional changes not covered here that should be considered? 
-For those using CSF 1.1, would the proposed changes affect continued adoption of the Framework, and how so? 
-For those not using the Framework, would the proposed changes affect the potential use of the Framework?

To meet the NIST deadline, PSC seeks member input on the Concept Paper by February 17, 2023. Please send your comments to Lauren C. Ayers, PSC Vice President, Defense and Intelligence (ayers@pscouncil.org) or Christian Larsen, PSC Senior Associate for Public Policy (larsen@pscouncil.org).