Estafette
Compose Login
You are browsing eu.zone1 in read-only mode. Log in to participate.
rss-bridge 2026-02-24T12:00:00+00:00

Celebrating Two Years of CSF 2.0!

Celebrate this milestone with us! Email us at csf [at] nist.gov (csf[at]nist[dot]gov) or tag @NISTcyber on X telling us what your favorite CSF 2.0 resource is (or how your organization has benefitted from implementing the CSF 2.0). Today marks two years since the publication of the Cybersecurity Framework (CSF) 2.0! Published in 2024, the CSF 2.0 included the addition of a Govern Function, increased emphasis on cybersecurity supply chain risk management, updated categories and subcategories to address current threat and technology shifts, and expansion into a suite of resources designed to make the CSF 2.0 easier to

---

[Image: Stephen Quinn]

#### Stephen Quinn

Mr. Stephen Quinn joined the National Institute of Standards and Technology (NIST) in 2004 and serves as a senior computer scientist in the Information Technology Laboratory (ITL). Mr. Quinn is the lead author for Integrating NIST risk management project work within the paradigm of Enterprise Risk Management (ERM). He is also program manager for the National Checklist Program and the National Online Informative Reference (OLIR) programs at NIST. He is a co-originator of the NIST Security Content Automation Protocol (SCAP).

Stephen was named to the “Federal 100” by the trade publication Federal Computer Week (FCW) and received the Department of Commence Gold Medal Award for his work in automating security protocols for applications. He also received the Federal CIO Council Leadership award for related work.

Prior to joining NIST, Steve worked in the private sector as a consultant to the Department of Defense and large commercial outsourcings with Wall Street banking firms and insurance companies. Specifically, he comes from an operational background, having owned two companies that provided service offering for vulnerability assessments, designing security architectures, code development, risk management, certifications and accreditations, and ST&Es. His research experience and practitioner experience includes managing and remediating risks specific to computer viruses/malware, intrusion detection systems (IDSs), vulnerability/misconfiguration identification, categorization, and remediation.

---

[Original source](https://www.nist.gov/blogs/cybersecurity-insights/celebrating-two-years-csf-20)

Reply