National cyber security framework updatedReprints
The National Institute of Standards and Technology has issued a draft update of its cyber security framework that provides new details on cyber supply chain risks, among other enhancements.
Gaithersburg, Maryland-based NIST published its original cyber security framework in February 2014. At the time, industry observers said although it targeted infrastructure industries such as utilities, its voluntary standards could help any company potentially mitigate legal liability from data breaches or other cyber threats.
The update reflects feedback received since its initial release, according to the statement issued earlier this month. In addition to providing new details on managing cyber supply chain risks, the update clarifies key terms, and introduces measurement methods for cybersecurity, according to the statement.
“We wrote this update to refine and enhance the original document and to make it easier to use,” said Matt Barrett, NIST’s program manager for the cyber security framework, in the statement. “This update is fully compatible with the original framework, and the framework remains voluntary and flexible to adaptation.”
The deadline to send comments on the draft, “Framework for Improving Critical Infrastructure Cyber Security Version 1.1,” is April 10.