NIST Releases Revised Cybersecurity Framework
NIST, the National Institute of Standards and Technology, has released an updated version of its popular Cybersecurity Framework.
The framework focuses on industries vital to national and economic security, including energy, banking, communications, and the defense industrial base. It has since proven flexible enough to be adopted voluntarily by large and small companies and organizations across all industry sectors, as well as federal, state, and local governments.
Version 1.1 includes updates on authentication and identity; self-assessing cybersecurity risk; managing cybersecurity within the supply chain; and vulnerability disclosure.
The changes to the framework are based on feedback collected through public calls for comments, questions received by team members, and workshops held in 2016 and 2017.
The Cybersecurity Framework is a voluntary framework developed through a collaborative process by industry, academia, and government stakeholders. NIST continues to facilitate and support the development of voluntary, industry-led cybersecurity standards, and best practices. It is designed to be relevant for every size, sector, and type of organization.
The document helps prioritize cybersecurity resources, and provides guidance on risk decisions and reducing risk. It enhances cybersecurity communication within an organization and with other organizations (such as partners, suppliers, regulators, and auditors) and helps organizations identify, manage, and assess cybersecurity risks.
NIST plans to release the Roadmap for Improving Critical Infrastructure Cybersecurity, an updated companion document, later this year.
EXPLORE BY CATEGORY
Stay Connected with CBIA News Digests
The latest news and information delivered directly to your inbox.