Login Register Subscribe
Current Issue

Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

National cyber security framework updated

Reprints

The National Institute of Standards and Technology has issued a draft update of its cyber security framework that provides new details on cyber supply chain risks, among other enhancements.

Gaithersburg, Maryland-based NIST published its original cyber security framework in February 2014. At the time, industry observers said although it targeted infrastructure industries such as utilities, its voluntary standards could help any company potentially mitigate legal liability from data breaches or other cyber threats.

The update reflects feedback received since its initial release, according to the statement issued earlier this month. In addition to providing new details on managing cyber supply chain risks, the update clarifies key terms, and introduces measurement methods for cybersecurity, according to the statement.

“We wrote this update to refine and enhance the original document and to make it easier to use,” said Matt Barrett, NIST’s program manager for the cyber security framework, in the statement. “This update is fully compatible with the original framework, and the framework remains voluntary and flexible to adaptation.”

The deadline to send comments on the draft, “Framework for Improving Critical Infrastructure Cyber Security Version 1.1,” is April 10.