It’s been several years since the National Institute of Standards and Technology’s Cyber Security Framework 1.0 (NIST CSF) was released, and version 1.1 refines and clarifies key areas, including:
1) The correlation of business results to cybersecurity risk management. Section 4.0 ” Self-Assessing Cybersecurity Risk with the Framework” now includes multiple uses of measurement for self-assesment.
2) Clarification of the use of the Framework to manager cybersecurity within supply chains.
3) Focus on authorization, authentication and identity proofing under “Identity Management and Access Control”.
4) Vulnerability disclosure has been added.
5) Federal applicability statements have been removed.
The draft is in final revisions and includes responses to the NIST Request for Information, feedback and frequently asked questions, and input from attendees of two separate workshops held for the purpose of updating the standard. The final version is expected to be released in Q1 2018.
Click here to view the current draft of NIST CSF 1.1
Click here to learn how to apply NIST CSF to your (or your client’s) organization.
