Newsroom

The National Institute of Standards and Technology issued a draft update to its cybersecurity framework to clarify certain terms and introduce measurement methods for cybersecurity.

The new section on cybersecurity measurement explains how organizations can use the framework to measure cybersecurity "metrics" and "measures." The draft update also includes new details on managing cyber supply chain risks that might arise when dealing with cloud service providers or system integrators.

NIST said that draft "Version 1.1" of the framework can be implemented by first-time and current framework users with minimal or no disruptions. NIST is seeking public comments on the draft update, especially regarding other topics stakeholders wish to see addressed; comments are due to the agency April 10, 2017.

NIST released the cybersecurity framework in 2014, and it has continued work on the framework since. NAFCU has urged the agency to advocate for voluntary implementation of the framework.