Refinements and enhancements to the Framework include a new
section on self-assessment, more comprehensive treatment of identity management
and additional description of how to manage supply chain cybersecurity.
The U.S. Commerce Department’s National Institute of
Standards and Technology (NIST) has released
Version
1.1 of its popular Framework for Improving Critical Infrastructure
Cybersecurity.
The changes to NIST’s Cybersecurity
Framework are based on feedback collected through public calls for
comments, questions received by team members, and workshops held in 2016 and
2017. Two drafts
of Version 1.1 were released for public comment.
The new version is compatible with Version 1.0 and it remains
flexible, voluntary, and cost-effective. Refinements and enhancements include a
more comprehensive treatment of identity management and additional description
of how to manage supply chain cybersecurity.
Later this year, NIST plans to release an updated companion
document, the Roadmap for Improving Critical Infrastructure Cybersecurity, describing
key areas of development, alignment and collaboration.
The Framework consists of three parts: the Framework Core,
the Implementation…
