Search the Community
Showing results for tags 'Update'.
Found 2 results
On January 10, 2017, NIST released a draft update to the "Framework for Improving Critical Infrastructure Cybersecurity". Per NIST, the draft update was created to refine, clarify, and enhance version 1.0. The update is not intended to disrupt any organizations currently using the Framework. The updates should align with their current business process relating to the Framework and help add clarity for those implementing the Framework for the first time. NIST created the update based on comments received from the community through the December 2015 RFI and April 2016 workshop. Additionally, the update addresses several of the items listed for further analysis in the Framework companion document ("NIST Roadmap for Improving Critical Infrastructure Cybersecurity"). The refinements, clarification, and enhancements include a new section on cybersecurity measurements, a strong emphasis on supply chain risk management, refinements in the access control category, and to provide a better explanation of the relationship between the Implementation Tiers and Profiles. NIST is seeking public comment on the draft to improve the update before it goes final and to determine if the updates could impact an organization currently implementing the Framework. NIST intents to convene a workshop after reviewing public comments to further refine the update before the final update is published - currently planned for fall of 2017. Cybersecurity Framework version 1.1 is located on the NIST website at https://www.nist.gov/cyberframework/draft-version-11. What are you thoughts on the updates?
On Dec 5, 2014, NIST released an "Update on the Cybersecurity Framework". The full update is available at http://www.nist.gov/cyberframework/upload/nist-cybersecurity-framework-update-120514.pdf. The update provides a high-level summary of comments received through the Request For Information (RFI) released on Aug 26, 2014 and during the Tampa, FL workshop held Oct 29 & 30, 2014. The update in eight pages summarizes responses received on topics such as: How General Awareness of the Framework is being shared and received, Initial Experiences organizations have in using the Framework, Current thoughts on Framework Updates, The use of the Framework in Small/Medium-Sized Businesses, Regulation and Regulatory Concerns, Guidance for using the Framework, and International Aspects, Impacts, and Alignment of the Framework. The update also provided a summary on activities identified in the Framework Roadmap that NIST released in conjunction to the Framework. The update provides status updates on specific Roadmap areas including: Authentication Automated Indicator Sharing Supply Chain and Conformity Assessment Cybersecurity Workforce Standards Supporting the Framework Privacy Methodologies Finally, the update provides an overview of Next Steps NIST is considering to help address comments received during the workshop and RFI process. The first key next step is for NIST to continue increasing efforts to raise awareness of the Framework. Another NIST priority identified in the update was to develop and disseminate information and training materials to help organization use advance the use of the Framework. In addition to the training material NIST will explore options for providing publically-available Framework reference material. NIST also identified a goal for developing material on aligning the Framework to business processes.