On January 10, 2017, The National Institute of Standards and Technology’s (NIST) introduced updates to its Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework). The draft update implements the comments received in December 2015 and the feedback from Cybersecurity Framework Workshop held in April 2016.
The updates to the 2014 version of Cybersecurity Framework include an agreed vocabulary on supply chain risk management and the addition of identity management. The changes make Cybersecurity Framework easier to use for businesses of all sizes. Matt Barrett, NIST’s program manager for the Cybersecurity Framework, said: “This update is fully compatible with the original framework, and the framework remains voluntary and flexible to adaptation.”
The recent update also introduces the notion of cybersecurity management. “Measurements will be critical to ensure that cybersecurity receives proper consideration in a larger enterprise risk management discussion,” Barrett said.
The draft is open for public comment until April 10, 2017. Comments can be sent to [email protected].