May 2024

NIST Cybersecurity Framework 2.0

GC Agenda: May 2024, Practical Law The Journal
Mark H. Francis

Cybersecurity and privacy attorney Mark Francis contributed to the May 2024 edition of GC Agenda, published by Practical Law The Journal. Mr. Francis authored the Data Privacy & Cybersecurity section, which highlights the National Institute of Standards and Technology's (NIST) newly released version 2.0 of its Cybersecurity Framework (CSF). CSF 2.0 broadens the framework's focus from critical infrastructure to a risk-based approach with desired outcomes, and adds an overarching govern function to the current five core functions. Mr. Francis explains that the updates signal an emphasis on risk governance, including supply chain risk management, and that companies can use the CSF to assess their current cybersecurity programs and create a roadmap for improvement. He also notes that although the CSF is voluntary, its risk- and outcome-based approach provides a helpful guide to the reasonableness standard found in many data security laws and regulations.

READ: NIST Cybersecurity Framework 2.0 (Subscription required)
