NIST Cybersecurity Framework 2.0 Released as Cyberattacks Reach All-time High

Is there any hope against hackers?

First Major Cybersecurity Framework Revision

With cyberattacks at an all-time high, the National Institute of Standards and Technology has unveiled its first major revision of its landmark cybersecurity framework.

With Cybersecurity Framework 2.0, NIST expands the guidance’s scope beyond critical infrastructures like power plants and hospitals.

Kevin Stine, chief of the institute’s Applied Cybersecurity Division, said in a press release, “This update aims to make the framework even more relevant to a wider swath of users in the United States and abroad.”

As tension escalates between the US and adversaries, cyber criminals have honed in on smaller organizations, like school districts and local governments, because they’re more likely to lack stringent cybersecurity measures.

10 Year Anniversary

The first cybersecurity framework was released in 2014 following an executive order from President Obama.

The framework’s core is now organized around six key functions:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover
  • Govern


The added emphasis on governance incorporates policies and strategies addressing cybersecurity at a higher organizational level to ensure principles are applied across an organization.

Supply Chain Security

Another big enhancement is the focus on supply chain security, acknowledging the interconnectedness of modern businesses.

Version 2.0 also offers self help services, like quick start guides and a searchable resource catalog, for organizations to use implementing the framework.

NIST said the framework now aligns more closely with the broader goals in the National Cybersecurity Strategy.

The release comes as technology struggles to keep up with increasingly sophisticated cyberattacks.