NIST Releases Updated Cybersecurity Framework

"Cybersecurity is critical for national and economic security," said U.S. Secretary of Commerce Wilbur Ross. "The voluntary NIST Cybersecurity Framework should be every company's first line of defense. Adopting version 1.1 is a must do for all CEOs."

The National Institute of Standards and Technology this week released version 1.1 of its popular Framework for Improving Critical Infrastructure Cybersecurity, better known as the Cybersecurity Framework. It was developed with a focus on industries vital to national and economic security, including energy, banking, communications, and the defense industrial base, and has proven flexible enough to be adopted voluntarily by large and small companies and organizations across all industry sectors, as well as by federal, state, and local governments.

"Cybersecurity is critical for national and economic security," said U.S. Secretary of Commerce Wilbur Ross. "The voluntary NIST Cybersecurity Framework should be every company's first line of defense. Adopting version 1.1 is a must do for all CEOs."

"The release of the Cybersecurity Framework Version 1.1 is a significant advance that truly reflects the success of the public-private model for addressing cybersecurity challenges," said Walter G. Copan, under secretary of Commerce for standards and technology and NIST director. "From the very beginning, the Cybersecurity Framework has been a collaborative effort involving stakeholders from government, industry, and academia. The impact of their work is evident in the widespread adoption of the framework by organizations across the United States, as well as internationally."

Version 1.1 includes updates on authentication and identity, self-assessing cybersecurity risk, managing cybersecurity within the supply chain, and vulnerability disclosure. The changes are based on feedback collected through public calls for comments, questions received by team members, and workshops held in 2016 and 2017; NIST also circulated two drafts of Version 1.1 for public comment. "This update refines, clarifies, and enhances Version 1.0," said Matt Barrett, program manager for the Cybersecurity Framework. "It is still flexible to meet an individual organization's business or mission needs and applies to a wide range of technology environments, such as information technology, industrial control systems, and the Internet of Things."

Later this year, NIST plans to release an updated companion document, the Roadmap for Improving Critical Infrastructure Cybersecurity, which describes key areas of development, alignment, and collaboration. The agency also is planning a Cybersecurity Risk Management Conference, which will include a major focus on the framework, Nov. 6-8, 2018, in Baltimore.

Download Center

HTML - No Current Item Deck
  • Get the Ultimate Guide to OSHA Recordkeeping

    OSHA’s Form 300A posting deadline is February 1! Are you prepared? To help answer your key recordkeeping questions, IndustrySafe put together this guide with critical compliance information.

  • Steps to Conduct a JSA

    We've put together a comprehensive step-by-step guide to help you perform a job safety analysis (JSA), which includes a pre-built, JSA checklist and template, steps of a JSA, list of potential job hazards, and an overview of hazard control hierarchy.

  • Everything You Need to Know about Incident investigations

    Need some tips for conducting an incident investigation at work after there’s been an occupational injury or illness, or maybe even a near miss? This guide presents a comprehensive overview of methods of performing incident investigations to lead you through your next steps.

  • Free Safety Management Software Demo

    IndustrySafe Safety Management Software helps organizations to improve safety by providing a comprehensive toolset of software modules to help businesses identify trouble spots; reduce claims, lost days, OSHA fines; and more.

  • Industry Safe

OH&S Digital Edition

  • OHS Magazine Digital Edition - November December 2020

    November December 2020

    Featuring:

    • COLD STRESS
      Managing Cold Stress
    • TRAINING: FALL PROTECTION
      Providing Training for Fall Protection
    • PPE: HEARING PROTECTION
      Eight Tips for Hearing Testing Day
    • FACILITY SECURITY
      Incorporating COVID-19 Protections into Safety Programs
    View This Issue