A new version of CSF is out with a few changes [NIST and csoonline]:
- better correlation of cybersecurity risk management metrics to organizational objectives
- supply chain cyber risk
- vulnerability disclosures
- refined authentication, identification and authorisation
- Internet of Things (IoT) in addition to critical infrastructure
- self-assessing cyber security
- removed Federal Alignment