NIST Releases Draft Update of Cybersecurity Framework


Last week, the National Institute of Standards and Technology (NIST) issued a draft update of its Framework for Improving Critical Infrastructure Cybersecurity, or as we call it in the biz, the Framework. This is the first proposed change since the voluntary guidelines were published in February 2014.


See our previous post on why you should be using the Framework.

What’s New?

The Framework Version 1.1 contains an all-new section on the correlation between business results and cybersecurity risk management measures. There’s also additional guidance on how to use the Framework for cyber supply chain risk management (SCRM), identity management, and access control.

“We wrote this update to refine and enhance the original document and to make it easier to use,” says Matt Barrett, program manager for the Cybersecurity Framework. “This update is fully compatible with the original Framework, and the Framework remains voluntary and flexible to adaptation.”

What’s Our Take?

We’re in the process of studying these just-proposed changes and analyzing what they mean for our clients. While the Framework is not a panacea (wouldn’t that be nice?), it’s a great foundation for organizational cybersecurity. We look forward to reporting back soon. In the meantime, you can read the full text of Version 1.1 here.
