NIST Framework for Critical Infrastructure Cybersecurity

Four years after the initial iteration was released, the National Institute of Standards and Technology (NIST) released version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity.

The framework was initially developed as a voluntary, risk-based framework to improve cybersecurity for critical infrastructure in the United States. It is the result of Executive Order 13636, issued by President Obama, which called for the development of a set of standards, guidelines and practices to help organizations charged with providing the nation’s financial, energy, health care and other critical systems better protect their information and physical assets from cyber attack.

Like the first version, Version 1.1 of the framework was created through public-private collaboration via a series of recommendations, drafts and comment periods.

Changes in Version 1.1 include updates on authentication and identity, self-assessing cybersecurity risk, managing cybersecurity within the supply chain and vulnerability disclosure, among others.

Review of changes

For one, the update has renamed the Access Control Category to Identity Management and Access Control to better account for…