The long-awaited Cybersecurity Framework version 1.1 was released on April 16, 2018, by the U.S. National Institute of Standards and Technology (NIST), and the response of the security industry is quite encouraging. A wide spectrum of organizations has already implemented this framework, and many more are willing to adopt it. As stated on the NIST website, the framework is a set of standards, guidelines, and best practices to better manage cybersecurity-related risk. The Cybersecurity Framework is a flexible and cost-effective approach to protecting critical infrastructure and the other areas important to the economy and national security.
Version 1.1 of the Cybersecurity Framework adds a section on correlating cybersecurity risk management metrics to organizational objectives. It gives detailed guidelines for alleviating supply chain cyber risk, supported by supply chain risk management components. It also covers vulnerability disclosure and includes clear language on authentication, identification, and authorization. As the implementation of IoT and other advanced technologies increases within organizations, the framework also outlines the mitigation of the risks inherent in such infrastructures.
The NIST Cybersecurity Framework is the most comprehensive set of best practices to apply when planning to implement a cybersecurity framework or standard. Among all the other cybersecurity programs available, the NIST Cybersecurity Framework provides nationally recognized guidelines to organizations as they expand their business and cybersecurity program.