Biden administration issues new cyber road map

What's inside: NIST's Cybersecurity Framework 2.0 details how companies can best structure their organizations to address various security issues, such as supply chain security and identity management.

• The framework is organized around six functions: governing internal cyber programs, identifying potential weaknesses and threats, protecting against those threats, detecting abnormal activity on a network, responding to a cyberattack, and recovering from one.
• NIST has published a reference tool, user guides and examples of ways to implement the framework to help organizations digest the material.

Catch up quick: NIST first published its framework in 2014, and this week's update was two years in the making.

• The first version of the framework focused on advice for critical infrastructure organizations. Now, the framework explicitly provides advice for all organizations, NIST said.

The big picture: Cybercriminals and nation-state hackers have become stealthier and more sophisticated in the decade since NIST first published its framework.

• And artificial intelligence tools are expected to help hackers get faster and better at writing phishing emails and malware.

What's next: The NIST framework is voluntary for most companies but could be a basis for government requirements that contractors face.

• The agency expects that it will take the "pulse of industry" every couple of years to assess when another update is needed, Adam Sedgewick, NIST's acting associate director for IT standardization, said during an Aspen Institute event Monday.