The rise of the NIST cybersecurity framework

The National Institute of Standards and Technology (NIST), the technical standards agency, has recently released the widely referenced Cybersecurity Framework (version 1.1), incorporating input from industry and other stakeholders.

The Framework now includes: (i) a new section on correlating cybersecurity risk management metrics to organizational objectives; (ii) expanded guidance for mitigating supply chain cyber risk, underscored by the addition of a Supply Chain Risk Management Category to the Framework Core; (iii) coverage of vulnerability disclosures; (iv) refined language on authentication, identification and authorization; and (v) treatment of the risks inherent in the Internet of Things (IoT) in addition to critical infrastructure. NIST removed a superfluous section on Federal Alignment, which detailed requirements for federal information systems.

NIST standards have long been at the forefront of secure infrastructure system development, from Special Publication (SP) 800-53, which mandates security requirements for federal government IT systems, to SP 800-144, Guidelines on Security and Privacy in Cloud Computing. In 2012, with the rise of attention to…
