The National Institutes of Standards and Technology will update its cybersecurity framework in an effort to address feedback from its users and aims to publish an initial draft for comment in early 2017.
NIST said Thursday it will work to address requests from customer feedback that asks the agency to publish a governance process that outlines the framework maintenance process, serve as convener of framework stakeholders and continue framework outreach.
“We are working from all of the feedback we’ve received since the framework was published on its use, best practices, outreach, prospective updates and governance,” said Matthew Barrett, NIST Cybersecurity Framework program manager.
NIST developed the “Framework for Improving the Critical Infrastructure Cybersecurity” to provide voluntary cybersecurity guidance and work to boost the security of the country’s infrastructure, the agency said.
The agency added it plans to analyze references in the document to update any outdated information and clarify the framework’s Implementation Tiers mechanism designed to help organization gauge its approach to cybersecurity risk management.