NIST Prepares Updates To Cybersecurity Framework

A draft version of the new framework may be available as early as this summer…

An article review.

As the cybersecurity landscape is constantly evolving, the tools we use to address risk need to evolve as well–and by this summer we should be getting our first look at planned changes to the NIST cybersecurity framework.  First released in 2014, the NIST framework has become the foundation for policies and regulations concerning network security, with its last major update taking place in 2018.

According to a representative from the White House Office of Management and Budget, the new framework will expand on subjects such as supply chain risk, the internet of things and IT governance.  Additionally, the new framework is expected to incorporate elements from other tools, such as the CISA’s Cybersecurity Performance Goals.

While the new framework is not expected to be officially released until 2024, the draft framework expected this summer will allow cybersecurity professionals across the public and private sector a chance to review the changes and offer valuable feedback.  Implementing the new guidance should be easier than before as well, as NIST plans to offer more specific use cases and examples of how the new framework can be applied.

You won’t need to depend on the NIST’s examples alone, though.  As always we will be reviewing the new framework and will be here to offer our take on just what it means for you and your organization.

Original article by Justin Doubleday writing for Federal News Network.