NIST moving forward, cautiously, on framework revisions
Big changes to the National Institute of Standards and Technology’s Cybersecurity Framework, such as the introduction of a section on coordinated vulnerability disclosure, may be pushed off to a future major revision rather than be included in the forthcoming Version 1.1. That’s the takeaway from a report last week of the NIST public consultation workshop in May, in which the agency lays out plans to complete the overhaul of the popular cybersecurity guide by early next year. The commitment to “backwards compatibility” — ensuring users of the existing Version 1.0 can employ the new Version 1.1. — means that only smaller tweaks, like the addition of multi-factor identity authentication or new language for Internet of Things risks, can be addressed in the update. In the report, NIST laid out plans to inch ahead with a number of proposed changes to the draft V1.1 released in January. They include: Rewrites to the section on measuring cybersecurity — business leaders wanted it […]
The post NIST moving forward, cautiously, on framework revisions appeared first on Cyberscoop.
Continue reading NIST moving forward, cautiously, on framework revisions