This is a potential security issue, you are being redirected to https://csrc.nist.gov.
Date Published: December 5, 2017
Comments Due: January 19, 2018 (public comment period is CLOSED)
Email Questions to: firstname.lastname@example.org
On December 5, 2017 NIST published the second draft of the proposed update to the Framework for Improving Critical Infrastructure Cybersecurity (a.k.a., draft 2 of Cybersecurity Framework version 1.1). This second draft update aims to clarify, refine, and enhance the Cybersecurity Framework, amplifying its value and making it easier to use. The new draft reflects comments received to date, including those from a public review process launched in January 2017 and a workshop in May 2017.
Like Version 1.0 issued in February 2014, the proposed updates are the result of extensive consultation with the private and public sectors. This draft is intended to provide a flexible, voluntary, and effective tool to help organizations better manage their cybersecurity risks. Like the earlier proposed update, this draft is fully compatible with Version 1.0 and can be used as the basis for communication between organizations. The update:
NIST also issued a proposed update to the Roadmap for Improving Critical Infrastructure Cybersecurity. This document is informed by public comments and reflects ongoing and planned work relating to the Cybersecurity Framework and cybersecurity risk management more broadly. The Roadmap:
The comment period ends Friday, January 19, 2018. NIST anticipates finalizing Cybersecurity Framework v1.1 in Spring 2018. More information can be found at the Cybersecurity Framework site.
Access Control; Awareness and Training; Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Planning; Program Management; Personnel Security; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity
Draft (2nd) Cybersecurity Framework v1.1 (no markup) (pdf)
Draft (2nd) Cybersecurity Framework v1.1 Core (xlsx)
Draft Roadmap v1.1 (pdf)
Cybersecurity Framework Draft v1.1 homepage