Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Other (Initial Public Draft)

Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1

Date Published: January 2017
Comments Due: April 10, 2017 (public comment period is CLOSED)
Email Questions to:


National Institute of Standards and Technology


On January 10, 2017, NIST released proposed updates to the Cybersecurity Framework. This draft Version 1.1 of the Cybersecurity Framework seeks to clarify, refine, and enhance the Framework, making it easier to use.  Updates were derived from feedback NIST received since the publication of Cybersecurity Framework Version 1.0, including responses to a December 2015 Request for Information (RFI), Views on the Framework for Improving Critical Infrastructure Cybersecurity, and discourse at Cybersecurity Framework Workshop 2016.  More information can be found at the Cybersecurity Framework site.

See the "Note to Reviewers on the Update and Next Steps" on pp. ii-iii for additional review guidance.



critical infrastructure; cybersecurity; Executive Order 13636; framework; security
Control Families

Access Control; Awareness and Training; Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Planning; Program Management; Personnel Security; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity