The National Institute of Standards and Technology’s (NIST) updated Cybersecurity Framework, scheduled for release later this year, should provide some welcome new advice for organizations struggling to manage cyber-risk in the current threat environment.
The key areas where the framework will provide guidance is about supply chain risks, identity management and cybersecurity risk assessment and measurement. NIST released two draft framework updates containing the changes last year – the second in December 2017. It is currently reviewing public comments and will release a finalized version in the spring.
A De Facto Standard
First published in Feb 2014, the Cybersecurity Framework was originally developed to help critical infrastructure operators assess cyber risk and implement business-appropriate countermeasures for dealing with those risks. Over the years, the framework has been adopted by critical infrastructure organizations along with other industries of all sizes. It’s most important contribution has been to create a common vocabulary for identifying,…
