NIST.gov: The National Institute of Standards and Technology (NIST) has issued a draft update to the Framework for Improving Critical Infrastructure Cybersecurity—also known as the Cybersecurity Framework. Providing new details on managing cyber supply chain risks, clarifying key terms, and introducing measurement methods for cybersecurity, the updated framework aims to further develop NIST’s voluntary guidance to organizations on reducing cybersecurity risks.
The Cybersecurity Framework was published in February 2014 following a collaborative process involving industry, academia and government agencies, as directed by a presidential executive order (link is external). The original goal was to develop a voluntary framework to help organizations manage cybersecurity risk in the nation’s critical infrastructure, such as bridges and the electric power grid, but the framework has been widely adopted by many types of organizations across the country and around the world. The Cybersecurity Enhancement Act of 2014 (link is external) calls for NIST to continue its work on the framework.
The most significant government policy, business, and technology news and analysis delivered to your inbox.
Subscribe Now