NIST Releases Update to Cybersecurity Framework

The National Institute of Standards and Technology (NIST) has issued a draft update to the Framework for Improving Critical Infrastructure Cybersecurity—also known as the Cybersecurity Framework. Providing new details on managing cyber supply chain risks, clarifying key terms, and introducing measurement methods for cybersecurity, the updated framework aims to further develop NIST’s voluntary guidance to organizations on reducing cybersecurity risks. The Cybersecurity Framework was published in February 2014 following a collaborative process involving industry, academia and government agencies, as directed by a presidential executive order