On August 8, 2023, the National Institute of Standards and Technology (“NIST”) released a draft of The NIST Cybersecurity Framework (CSF) 2.0,1 (the “CSF” or “Framework”) along with a Discussion Draft of the Implementation Examples.2 This draft makes the most significant changes to the Framework since its initial release in 2014.

On April 20, 2020, the Financial Stability Board released a “consultative document” on Effective Practices for Cyber Incident Response and Recovery (the “Proposal”). The Proposal requests public comment on a “toolkit” of effective practices designed to assist financial institutions in cyber incident response and recovery activities. This Legal Update discusses the content and context of