Last week, the US Commerce Department’s National Institute of Standards and Technology (NIST) released version 1.1 of its increasingly widely-used Cybersecurity Framework.
Version 1.1 includes updates on:
- Authentication and identity,
- Self-assessing cybersecurity risk,
- Managing cybersecurity within the supply chain, and
- Vulnerability disclosure.
The changes are based largely on public input and feedback. Matt Barrett, program manager for the Cybersecurity Framework, commented: "This update refines, clarifies and enhances Version 1.0. It is still flexible to meet an individual organization’s business or mission needs, and applies to a wide range of technology environments such as information technology, industrial control systems and the Internet of Things.”
See also this Fact Sheet summarizing the updates, the Cybersecurity Framework Website (which includes these helpful FAQs), this memo from Sidley, and numerous additional resources on our Cybersecurity page.
NIST will host a free public Webcast explaining Version 1.1 in detail on April 27th at 1 pm ET.