A small agency’s framework of cyber standards has big role in cyber fight


A small federal agency in Gaithersburg, Md., has updated the seminal document underpinning how the government and industry should collaborate on cybersecurity — a key piece of President Trump’s strategy for securing federal networks.

This first-time revision to the 2014 framework of cybersecurity standards, a guide to managing cybersecurity risk and to organizing cyber planning and strategy, was released on April 16. The National Institute of Standards and Technology has been making the rounds to familiarize industry and government audiences with the changes to the well-regarded document.

Changes include the addition of a section on self-assessment of cybersecurity risks for organizations; an expanded explanation of how to use the framework for cyber supply-chain risk management purposes; and new language on issues such as authenticating identities online.

But the real significance of the update is that it reflects continued buy-in by industry, more than four years after the framework’s original release, that this is the premier tool for organizing cybersecurity efforts in a way that satisfies the government but is…
