January 10, 2017–The National Institute of Standards and Technology said today it issued a draft update of its voluntary cybersecurity framework for critical infrastructure sectors that it originally published in 2014, and is seeking comments on the draft through April 10. According to NIST the draft update includes new details on managing cyber supply chain risks, and measurement methods for cybersecurity improvements, among others.
“We wrote this update to refine and enhance the original document and to make it easier to use,” said Matt Barrett, NIST’s program manager for cyber framework, in a statement. “This update is fully compatible with the original framework, and the framework remains voluntary and flexible to adaptation,” he said. “In the update we introduce the notion of cybersecurity measurement to get the conversation started,” Mr. Barrett said, adding, “Measurements will be critical to ensure that cybersecurity receives proper consideration in a larger enterprise risk management discussion.” – John Curran, firstname.lastname@example.org