The U.S. Commerce Department's National Institute of Standards and Technology (NIST) has issued the second draft of the proposed update to the Framework for Improving Critical Infrastructure Cybersecurityalso known as the Cybersecurity Framework. The American National Standards Institute (ANSI) encourages all relevant stakeholders to submit draft comments to NIST by the deadline on Friday, January 19, 2018.
Created through collaboration between industry and government, the Cybersecurity Framework was released in 2014 as a result of an executive order signed by former president Barack Obama, "Improving Critical Infrastructure Cybersecurity." The framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure, and uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on business.
The second draft aims to clarify, refine, and enhance the framework, amplifying its value and making it easier to use. The latest draft reflects comments received to date, including those from a public review process launched in January 2017 and a workshop in May 2017.
ANSI encourages its stakeholders to submit comments for the latest draft of Cybersecurity Framework version 1.1.A draft Roadmap has also been included for comment. All comments aredue to NIST by 11:59 PM on Friday, January 19, 2018 via firstname.lastname@example.org. NIST reports that it anticipates finalizing Cybersecurity Framework version 1.1 in Spring 2018.