NIST
Is
Updating
Its
Cybersecurity
Framework
NIST
is
planning
a
significant
update
of
its
Cybersecurity
Framework.
At
this
point,
it’s
asking
for
feedback
and
comments
to
its
concept
paper.
- Do
the
proposed
changes
reflect
the
current
cybersecurity
landscape
(standards,
risks,
and
technologies)?- Are
the
proposed
changes
sufficient
and
appropriate?
Are
there
other
elements
that
should
be
considered
under
each
area?- Do
the
proposed
changes
support
different
use
cases
in
various
sectors,
types,
and
sizes
of
organizations
(and
with
varied
capabilities,
resources,
and
technologies)?- Are
there
additional
changes
not
covered
here
that
should
be
considered?- For
those
using
CSF
1.1,
would
the
proposed
changes
affect
continued
adoption
of
the
Framework,
and
how
so?- For
those
not
using
the
Framework,
would
the
proposed
changes
affect
the
potential
use
of
the
Framework?
The
NIST
Cybersecurity
Framework
has
turned
out
to
be
an
excellent
resource.
If
you
use
it
at
all,
please
help
with
version
2.0.
Sidebar
photo
of
Bruce
Schneier
by
Joe
MacInnis.