The new version of the federal Cybersecurity Framework being drafted at the National Institute of Standards and Technology will be “backwards compatible,” a workshop at the agency’s Gaithersburg, Maryland, headquarters was told Tuesday. It means organizations already using version 1.0 will be able to seamlessly adopt the new draft, NIST’s Matthew Barrett told attendees. As a result, he said, there would be less flexibility to tinker with the higher level concepts in the framework, like the five key functions that make up its core: identify, protect, detect, respond and recover. But each function is divided and subdivided and there’s more flexibility to add or delete concepts at those levels, Barrett explained. Adding or removing is fine, but “moving items to a different place in the conceptual framework” will break most implementations, he said, because companies or other organizations using it will have aligned their business processes with the structure in 1.0. Nonetheless, attendees […]
The post With flexibility in mind, NIST unveils latest draft of cyber framework appeared first on Cyberscoop.
Continue reading With flexibility in mind, NIST unveils latest draft of cyber framework→