NIST Publishes Update To Its Cyber Framework

By: Jessie Bur

The new version 1.1 of the Cybersecurity Framework, which was developed through public feedback collected in 2016 and 2017, includes updates to authentication and identity, self-assessing cyber risk, managing cybersecurity within the supply chain and vulnerability disclosure. “This update refines, clarifies and enhances version 1.0,” said Matt Barrett, program manager for the Cybersecurity Framework. “It is still flexible to meet an individual organization’s business or mission needs, and applies to a broad range of technology environments such as information technology, industrial control systems and the internet of things.”

A House bill that would have put the National Institute of Standards and Technology in charge of auditing agency cybersecurity practices was amended to place that responsibility in the hands of agency inspectors general, a move which a policy expert said will give the bill a better chance of passage.

NIST also plans to release an updated Roadmap for Improving Critical Infrastructure Cybersecurity later this year as a companion to the framework.

“Engagement and collaboration will continue to be essential to the framework’s success,” said Barrett. “The Cybersecurity Framework will need to evolve as threats, technologies and industries evolve. With this update, we’ve demonstrated that we have a good process in place for bringing stakeholders together to ensure the framework remains a great tool for managing cybersecurity risk.”

The NIST Cybersecurity Framework has featured heavily in recent government IT and cybersecurity initiatives, and received a callout in the White House IT Modernization report released in December 2017.

In a news release, Rep. Jim Langevin, D-R.I., applauded the update for keeping the framework relevant in the face of a changing cyber landscape:

“In the 4 years since its release, countless organizations have used the NIST Cybersecurity Framework to voluntarily assess their cybersecurity risk posture, identify gaps, and prioritize security best practices. As demonstrated by the Russian government’s targeting of our election systems, however, the cybersecurity threats to our critical infrastructure continue to evolve. Today’s release marks an important evolution of the Framework that will ensure it remains relevant as risk management practices change to keep pace with the threat.”

Langevin added that, while the framework now has many positive additions, the update process did miss out on an opportunity to offer more concrete guidance on ways to quantify risk.

Industry, too, offered support for the new changes.

“There’s a lot to like in the new Framework, but one area where they made big strides is on supply chain risk management,” said David Damato, chief security officer at Tanium.

“2017 was the year of the supply chain attack, with attacks from NotPetya to CCleaner originating with a breach of a company’s third-party partner. The increasing attention NIST is bringing to this issue, and the standardized language they offer, will go a long way in helping organizations better understand the risks associated throughout their supply chain.”

NIST plans to host a webcast on the updated framework April 27, 2018, and the framework will also feature heavily at the agency’s Cybersecurity Risk Management Conference in November 2018.