The U.S. Commerce Department's National Institute of Standards and Technology (NIST) has issued a draft update to the Framework for Improving Critical Infrastructure Cybersecurityalso known as the Cybersecurity Framework. The update provides new details on managing cyber supply chain risks, clarifying key terms, and introducing measurement methods for cybersecurity, and aims to further develop NIST's voluntary guidance to organizations on reducing cybersecurity risks. The American National Standards Institute (ANSI) encourages all relevant stakeholders to submit draft comments to NIST by April 10, 2017.
Created through collaboration between industry and government, the framework was released in 2014 as a result of President Obama's Executive Order "Improving Critical Infrastructure Cybersecurity." It consists of standards, guidelines, and practices to promote the protection of critical infrastructure, and uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on business.
NIST requests that comments on the Draft Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 be sent to [email protected].
ANSI recently highlighted its activities from its members and partners, both international and domestic, that leverage standardization as a tool to combat cyber-threats. See the recent ANSI coverage.