NIST Framework v2.0 – A Must Have
The National Institute of Standards and Technology (NIST) Framework v2.0 is the gold standard cybersecurity resource for education, government and industry. The "framework" itself and the supporting technical documents are targeted at the people and teams responsible for implementing and supporting cybersecurity standards. Framework v2.0 is the newest version of the guidelines. Version 1.1 was the old standard.
If you want to sound like you know what you're talking about, ask your President what version of the NIST Framework the IT department is following. If they say v1.1, ask them to review the new v2.0 guidelines.
Buried deep within the NIST site, inside a Resource and Overview Guide, this summary...
The NIST Cybersecurity Framework (CSF) 2.0 can help organizations manage and reduce their cybersecurity risks as they start or improve their cybersecurity program. The CSF outlines specific outcomes that organizations can achieve to address risk. Other NIST resources help explain specific actions that can be taken to achieve each outcome. This guide is a supplement to the NIST CSF and is not intended to replace it. The CSF 2.0, along with NIST’s supplementary resources, can be used by organizations to understand, assess, prioritize, and communicate cybersecurity risks; it is particularly useful for fostering internal and external communication across teams — as well as integrating with broader risk management strategies. The CSF 2.0 is organized by six Functions — Govern, Identify, Protect, Detect, Respond, and Recover. Together, these Functions provide a comprehensive view for managing cybersecurity risk. This Resource & Overview Guide offers details about each Function to serve as potential starting points.
