NIST Releases Revised Framework for Public Comment
The National Institute of Standards and Technology (NIST) has released draft revisions to its voluntary “Framework for Improving Critical Infrastructure Cybersecurity.” This update revises the Framework to reflect input from NIST’s December 2015 Request for Information as well as input received during the workshop hosted by NIST in April 2016. The revisions introduce the idea of using metrics to measure the business impact of using the Framework and include a common “vocabulary” to extend the use of the Framework to suppliers and vendors. The updated framework was released in three versions: a markup that details the differences from the current version of the framework, a version without marked up changes, and an excel spreadsheet of “core” functions. Comments on the revised framework are due April 10.