Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Breadcrumb

  1. Home
  2. Cybersecurity

Cybersecurity

New Guidance on Hacking of U.S. Critical Infrastructure

U.S. and international government agencies published on February 8 a Joint Cybersecurity Advisory on malicious activity by a People’s Republic of China (PRC) state-sponsored cyber actor, known as Volt Typhoon, to compromise critical infrastructure and associated actions that should be urgently undertaken by all organizations. In addition to the joint Cybersecurity Advisory, CISA and our partners also released complementary Joint Guidance to help all organizations effectively hunt for and detect the sophisticated types of techniques used by actors such as Volt Typhoon, known as “living off the land.” 

Get Started

To protect your network, your customers, and your data, your organization needs cybersecurity guidance, solutions, and training that are practical, actionable, and enables you to cost-effectively address and manage your cybersecurity risks.

The NIST Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk.

Introducing NIST Cybersecurity Framework 2.0

The National Institute of Standards and Technology (NIST) has unveiled the draft version of the highly anticipated Cybersecurity Framework (CSF) 2.0 for public comment. The deadline for public comment closed November 6, 2023. In CSF 2.0, a host of new features and enhancements come together to empower organizations in their cybersecurity endeavors. This updated framework goes beyond safeguarding critical infrastructure, now offering cybersecurity insights, guidance, and support for organizations of all sizes and types. Six core functions, including the new “govern” function, underscore the importance of internal decision-making processes in supporting cybersecurity strategies.

This draft includes an updated version of the CSF Core, reflecting feedback on the April discussion draft. This publication does not contain Implementation Examples or Informative References of the CSF 2.0 Core, given the need to frequently update them, but NIST has separately released initial Implementation Examples for public comment. Complementing the framework, NIST will launch a CSF 2.0 reference tool, facilitating navigation, search, and export of CSF Core data.

NIST does not plan to release another draft. The developers plan to publish the final version of CSF 2.0 in early 2024.

Image
Blue lock on a dark background

More Cybersecurity Resources