NIST Updates Cybersecurity Framework | Practical Law

The National Institute of Standards & Technology (NIST) has updated its Framework for Improving Critical Infrastructure Cybersecurity, summarizing the feedback and responses it has received from stakeholders.

Practical Law Legal Update 6-591-9105 (Approx. 3 pages)

by Practical Law Intellectual Property & Technology
Published on 10 Dec 2014
USA (National/Federal)
On December 5, 2014, the National Institute of Standards & Technology (NIST) provided an update to the Framework for Improving Critical Infrastructure Cybersecurity (Framework). The update addresses comments and feedback NIST received from stakeholders in response to its August 26, 2014 Request for Information and the Cybersecurity Framework Workshop it held on October 29 and 30, 2014.
The update summarizes stakeholders' opinions on:
  • Their awareness of the Framework.
  • Initial experiences using the Framework.
  • Whether and when to update the Framework.
  • How small and medium-sized businesses can and do use the Framework.
  • Concerns that the Framework remain voluntary.
  • The perceived value of additional guidance on how to use the Framework.
  • The importance of aligning the Framework with global cybersecurity concerns.
The update also summarizes stakeholders' comments in regard to the Roadmap that NIST published in conjunction with the Framework, which outlines several high-priority areas for the Framework's future improvement. These comments relate to the following areas of the Roadmap:
  • Authentication.
  • Automated Indicator Sharing.
  • Supply Chain and Conformity Assessment.
  • Cybersecurity Workforce.
  • Standards Supporting the Framework.
  • Privacy Methodology.
Finally, NIST emphasized that it will both:
  • Increase efforts to raise awareness of the Framework, including through partnerships with other organizations.
  • Develop material on aligning the Framework with business processes, including integrating cybersecurity risk management with broader enterprise risk management.
For more information on the Cybersecurity Framework, see Legal Update, NIST Publishes Final Cybersecurity Framework.