Second Draft of the Revised NIST Cybersecurity Framework Published

The second draft of the revised NIST Cybersecurity Framework has been published. Version 1.1 of the Framework includes important changes to some of the existing guidelines and several new additions.

Version 1.0 of the NIST Cybersecurity Framework was first published in 2014 with the aim of helping operators and owners of critical infrastructure assess their risk profiles and improve their ability to prevent, detect, and respond to cyberattacks. The Framework establishes a common language for security models, practices, and security controls across all industries.

The Framework is based on globally accepted cybersecurity best practices and standards, and the adoption of the Framework helps organizations take a more proactive approach to risk management. Since its publication in 2014, the Framework has been adopted by many private and public sector organizations to help them develop and implement effective risk management practices.

Following the release of the CSF, NIST received numerous comments from public and private sector organizations on potential enhancements to improve the usability of the Framework. Those comments were taken on board and incorporated in the first revised draft of the Framework, which was published in January 2017. The latest draft includes several refinements that take into account feedback received on the first draft of the revised Framework.


Several changes have been made in version 1.1 of the NIST CSF to meet the requirements of the Cybersecurity Enhancement Act of 2014, which led to the creation of the NIST CSF. The first version of the NIST CSF failed to address all of the requirements, although the latest update brings the NIST CSF closer to meeting all of its initial goals.

The latest version of the Framework clarifies some of the language relating to cybersecurity measurement, includes further guidance on improving supply chain security, and incorporates changes to address mitigating the risk of IoT devices and operational technology.

NIST has also issued an update to its Roadmap for Improving Critical Infrastructure Security, which details several topics that will be considered for upcoming revisions of the Framework, along with details of future planned activities.

Adoption of the Framework is voluntary for most organizations, which can choose an appropriate implementation tier to suit their cybersecurity risk management practices. However, the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure in May 2017 made the adoption of the Framework mandatory for all federal agencies.

Comments on the second draft of the revised NIST Cybersecurity Framework are being accepted until January 19, 2018. The final version 1.1 of the Cybersecurity Framework is expected to be released in Spring 2018.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
