La Privacy e Cybersec per le aziende
Osservatorio a cura del dott. V. Spataro 

Milano, sab 2 dicembre 2023:, Social media non vi temo - Ascolti tra Marketing e AI

   dizionario 2023-08-23 ·  NEW:   Appunta · Stampa · pdf

CSWP 29, The NIST Cybersecurity Framework 2.0


Documento annotato il 23.08.2023 Fonte:


L'analisi è riservata agli iscritti. Segui la newsletter dell'Osservatorio oppure il Podcast iscrizione gratuita 30 giorni



  • Email Comments to:
  • By Friday, November 4, 2023.
  • NIST does not plan to release another dr
  • The modifications between Version 1.1 an



estimated reading time: 3 min

Date Published: August 8, 2023
Comments Due: November 4, 2023
Email Comments to:


National Institute of Standards and Technology


This is the public draft of the NIST Cybersecurity Framework (CSF or Framework) 2.0.

The Framework has been used widely to reduce cybersecurity risks since its initial publication in 2014. Many organizations have told NIST that CSF 1.1 remains an effective framework for addressing cybersecurity risks. There is also widespread agreement that changes are warranted to address current and future cybersecurity challenges and to make it easier for organizations to use the Framework. NIST is working with the community to ensure that CSF 2.0 is effective for the future while fulfilling the CSF’s original goals and objectives.

NIST seeks feedback on whether this draft revision addresses organizations’ current and anticipated future cybersecurity challenges, is aligned with leading practices and guidance resources, and reflects comments received so far. In addition, NIST requests ideas on the best way to present the modifications from CSF 1.1 to CSF 2.0 to support transition. NIST encourages concrete suggestions for improvements to the draft, including revisions to the narrative and Core.

This draft includes an updated version of the CSF Core, reflecting feedback on the April discussion draft. This publication does not contain Implementation Examples or Informative References of the CSF 2.0 Core, given the need to frequently update them. Draft, initial Implementation Examples have been released under separate cover for public comment. NIST seeks feedback on what types of Examples would be most beneficial to Framework users, as well as what existing sources of implementation guidance might be readily adopted as sources of Examples (such as the NICE Framework Tasks, for example). NIST also seeks feedback on how often Implementation Examples should be updated and whether and how to accept Implementation Examples developed by the community.

As the CSF 2.0 is finalized, the updated Implementation Examples and Informative References will be maintained online on the NIST Cybersecurity Framework website, leveraging the NIST Cybersecurity and privacy Reference Tool (CPRT). Resource owners and authors who are interested in mapping their resources to the final CSF 2.0 to create Informative References should reach out to NIST.

Feedback on this CSF 2.0 Public Draft, as well as the related Implementation Examples draft, may be submitted to by Friday, November 4, 2023.

All relevant comments, including attachments and other supporting material, will be made publicly available on the NIST CSF 2.0 website. Personal, sensitive, confidential, or promotional business information should not be included. Comments with inappropriate language will not be considered.

This draft will be discussed at the third CSF workshop, which will be held this fall. NIST does not plan to release another draft of CSF 2.0 for comment. Feedback on this draft will inform development of the final CSF 2.0 to be published in early 2024.

The modifications between Version 1.1 and this version are based on community input through:

See the full Note to Reviewers at the beginning of the draft for more details summarizing changes between CSF 1.1 and this draft.


cybersecurity; Cybersecurity Framework; cybersecurity risk governance; cybersecurity risk management; cybersecurity supply chain risk management; enterprise risk management; privacy Framework; Profiles
Control Families

None selected


Testo del 2023-08-23 Fonte:


i commenti sono anonimi e inviati via mail e cancellati dopo aver migliorato la voce alla quale si riferiscono: non sono archiviati; comunque non lasciare dati particolari. Si applica la privacy policy.

Ricevi gli aggiornamenti su CSWP 29, The NIST Cybersecurity Framework 2.0 e gli altri post del sito:

Email: (gratis Info privacy)

Nota: il dizionario è aggiornato frequentemente con correzioni e giurisprudenza