An update is available for the Framework to improve Critical Infrastructure Cybersecurity - also known as the 'Cybersecurity Framework'.
This update provides new details on the risk management of the cybernetic supply chain, clarifies key terms and introduces measurement methods for cybersecurity. The objective of the same, is to continue developing the voluntary orientation of the National Institute of Standards and Technology (NIST for its acronym in English) to reduce the risks of cybersecurity.
The 'Cybersecurity Framework' was published in February by 2014 following a process of collaboration between the industry, the academic world and government agencies, as indicated by a presidential executive order of the United States of America.
The original goal was to develop a voluntary framework to help organizations manage the cybersecurity risk in critical infrastructure such as bridges or the electric power grid, but the framework was adopted by many types of organizations in the United States and even around the world.
The 1.1 2017 Framework project to improve the critical infrastructure cybersecurity, incorporates feedback from the publication of the 1.0 version of the framework, and integrates comments from the 2015 December information request, as well as comments from the attendees at the 2016 seminar on cybersecurity.
NIST Program Manager for Cybersecurity Framework Matt Barrett said: “We wrote this update to refine and improve the original document and to make it easier to use. […] This update is fully compatible with the original framework, which remains voluntary and flexible to adaptation. "
To help users who wish to apply the framework to the risk management of the cybernetic supply chain, the authors developed a vocabulary so that all organizations working together on a project can clearly understand cybersecurity needs. Examples of this management can be a small company that selects a cloud service provider or a federal agency hiring a systems integrator to build an IT system.
Matt Barrett also added: "In the update we introduced the notion of cybersecurity measure to start the conversation. The measurements will be essential to ensure that cybersecurity receives due consideration in a discussion about the company's risk management. "
Source: The original note was published HERE