The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) has issued the second draft of the proposed update to the Framework for Improving Critical Infrastructure Cybersecurity, also known as the Cybersecurity Framework.
Relevant stakeholders are encouraged to submit draft comments to NIST by January 19, 2018.
Created through industry and government collaboration, the Cybersecurity Framework was released in 2014 as the result of an executive order signed by former president Barack Obama.
The framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The framework uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs, without placing additional regulatory requirements on businesses.
The second draft aims to clarify, refine, and enhance the framework—amplifying its value and making it easier to use. The latest draft reflects comments received to date.
The latest draft of Cybersecurity Framework version 1.1 can be viewed here. A draft Roadmap has also been included for comment.
Comments are due by 11:59 PM on January 19 and can be submitted at cyberframework@nist.gov.
The Cybersecurity Framework version 1.1 is expected to be finalized in spring 2018.