The National Institute for Standards and Technology issued the finalized updates to its Cybersecurity Framework April 16, 2018.
The new version 1.1 of the Cybersecurity Framework, which was developed through public feedback collected in 2016 and 2017, includes updates to authentication and identity, self-assessing cyber risk, managing cybersecurity within the supply chain and vulnerability disclosure.
“This update refines, clarifies and enhances version 1.0,” said Matt Barrett, program manager for the Cybersecurity Framework. “It is still flexible to meet an individual organization’s business or mission needs, and applies to a wide range of technology environments such as information technology, industrial co
ntrol systems and the internet of things.”
Version 1.1 includes updates on:
- authentication and identity,
- self-assessing cybersecurity risk,
- managing cybersecurity within the supply chain and
- vulnerability disclosure.
The changes to the framework are based on feedback collected through public calls for comments, questions received by team members, and workshops held in 2016 and 2017. Two drafts of Version 1.1 were circulated for public comment to assist NIST in comprehensively addressing stakeholder inputs.
“This update refines, clarifies and enhances Version 1.0,” said Matt Barrett, program manager for the Cybersecurity Framework. “It is still flexible to meet an individual organization’s business or mission needs, and applies to a wide range of technology environments such as information technology, industrial control systems and the Internet of Things.”
NIST is also planning a Cybersecurity Risk Management Conference—which will include a major focus on the framework—for November 6 through 8, 2018, in Baltimore, Maryland. Detailed information on the conference will soon be available on the Cybersecurity Framework website. The website also includes guidance for those new to the framework, links to framework-related tools and methodologies, and perspectives on the framework from those who use it.
NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. NIST is a non-regulatory agency of the U.S. Department of Commerce. To learn more about NIST, visit www.nist.gov.