Cybersecurity Framework V1.1 Publishes

Wednesday, December 6, 2017 @ 11:12 AM gHale


The second draft of the proposed update to the Framework for Improving Critical Infrastructure Cybersecurity was published Tuesday by the National Institute of Standards and Technology (NIST).

The goal of the second draft update is to clarify, refine and enhance the Cybersecurity Framework. The new draft reflects comments received to date, including those from a public review process launched in January 2017 and a workshop in May 2017.


Public comments for draft 2 of Cybersecurity Framework version 1.1 and the draft Roadmap are due to NIST by 11:59 p.m. Friday, January 19.

NIST anticipates finalizing Cybersecurity Framework version 1.1 in the spring of 2018.

On Tuesday, NIST published the second draft of the proposed update. Like Version 1.0 issued in February 2014, the proposed updates are the result of extensive consultation with the private and public sectors.

This draft is intended to provide a flexible, voluntary, and effective tool to help organizations better manage their cybersecurity risks, according to NIST. Like the earlier proposed update, this draft is fully compatible with Version 1.0 and can be used as the basis for communication between organizations.

Some of the highlights of the update include:
• Declares applicability of Cybersecurity Framework for “technology,” which is minimally composed of information technology, operational technology, cyber-physical systems, and Internet of Things
• Enhances guidance for applying the Cybersecurity Framework to supply chain risk management
• Summarizes the relevance and utility of Cybersecurity Framework measurement for organizational self-assessment
• Better accounts for authorization, authentication, and identity proofing
• Administratively updates the Informative References

NIST also issued a proposed update to the roadmap for improving critical infrastructure cybersecurity. The roadmap:
• Describes future activities related to the Cybersecurity Framework and offers stakeholders another opportunity to participate actively in the continuing Cybersecurity Framework development process
• Includes new topics of focus since the initial roadmap version, including the cyber-attack lifecycle, measuring cybersecurity, governance and enterprise risk management, referencing techniques for informative references, and small business awareness and resources

More information is available on the NIST fact sheet.


