The NIST Cybersecurity Framework was intended to be a living document that is refined, improved, and evolves over time. These updates help the Framework keep pace with technology and threat trends, integrate lessons learned, and move best practice to common practice. NIST initially produced the Framework in 2014 and updated it in April 2018 with CSF 1.1. Based on stakeholder feedback, in order to reflect the ever-evolving cybersecurity landscape and to help organizations more easily and effectively manage cybersecurity risk, NIST is working on a new, more significant update to the Framework: CSF 2.0.
NIST continues to rely on stakeholder feedback. This includes public webinars and workshops, as well as seeking input via a Request for Information along with asking for comments on a concept paper, a discussion draft, and most recently, a draft of the revised CSF 2.0.
Stay tuned for announcements on future workshops!