As part of my daily job, I work with the NIST Cybersecurity Framework team. It is my pleasure to share with you that after 3 years of dialog with the community, the Cybersecurity Framework has been updated. This draft update, version 1.1, draws from discussions had at workshops, public comment periods, and general feedback received from stakeholders.
The update is a first and foremost an attempt to refine and clarify some aspects of the Framework. Additionally, the update adds additional information on topics that have been brought up as gaps in the original version, namely: cyber supply chain, measurement, and authentication. NIST is seeking comment on the draft from the community by April 10th 2017.
If you plan on being at RSA2017 in February, I will be moderating a panel on the Cybersecurity Framework implementation and update. Scheduled to join me are: the NIST Cybersecurity Framework Program Manager Matthew Barrett, Venable Senior Director for Technology Risk Management John Banghart, as well as Center for Internet Security VP and CFORUM Executive Director Tony Sager. We will be discussing the who, the what, and the where of the Framework at 8:00am on Thursday 2/16/2017 in Moscone North 131.
For those attending in person or who see the recap later, continue the conversation here, on CForum.
Come join us.