The National Institute of Standards and Technology has released its proposed update to the Cybersecurity Framework in an effort to provide new information on cyber supply chain risk management and introduce measurement processes for cybersecurity.
The 2017 Draft Framework for Improving Critical Infrastructure Security Version 1.1 also includes clarification on the definition of the terms “identity proofing,” “authorization” and “authentication” under the updated “identity management and access control” category, NIST said Tuesday.
Matt Barrett, NIST’s program manager for the Cybersecurity Framework, said the update seeks to facilitate the use of the framework, which he said will remain “voluntary and flexible to adaptation.”
NIST noted the draft update incorporates input from Cybersecurity Framework Workshop 2016 attendees and feedback from a request for information issued in 2015 as well as comments received since NIST published the framework’s version 1 in 2014.
NIST will accept comments to the draft update to the framework through April 10.