Frontrow Technology

Cyber & compliance frameworks

NIST Cybersecurity Framework 2.0: Australian Relevance and Implementation

The NIST Cybersecurity Framework 2.0 provides a structured approach to managing cybersecurity risk, offering guidance on governance, identification, protection, detection, response, and recovery.

Last reviewed 23 May 2026

What NIST CSF 2.0 does

The NIST Cybersecurity Framework 2.0 builds on the original, providing a comprehensive structure for organisations to assess and improve their cybersecurity posture. It’s organised around six core functions: Govern, Identify, Protect, Detect, Respond, and Recover. Each function is further broken down into Categories and Subcategories, offering granular guidance. The updated version introduces Profiles, which allow organisations to define their desired cybersecurity outcomes, and Tiers, which indicate their current level of maturity. This structured approach facilitates communication and collaboration across an organisation and with external stakeholders.

NIST CSF in Australian tenants today

In Australia, the NIST CSF is increasingly recognised as a valuable international reference point, often used in conjunction with the ACSC Essential Eight. AU mid-market organisations are leveraging it to enhance board reporting, demonstrating a commitment to cybersecurity best practice. It’s also proving useful in developing Compliance Manager templates and structuring vendor risk assessments, aligning with APRA CPS 234 and CPS 230 requirements for financial institutions. While the framework is not directly mandated by the OAIC or ASIC, its principles support compliance with the Privacy Act 2024 and the Notifiable Data Breaches scheme, and it is increasingly referenced in the Australian Voluntary AI Safety Standard.
