NIST Proposes Updates to Cybersecurity Framework

On December 5, the National Institute of Standards and Technology (NIST) released the Draft NIST Roadmap for Improving Critical Infrastructure Cybersecurity Version 1.1. This draft Version 1.1 of the Cybersecurity Framework seeks to clarify, refine, and enhance the original version of the Framework.  Updates in this framework were derived from feedback NIST has received since publication of Cybersecurity Framework Version 1.0 such as the comments provided by HIMSS and other stakeholders on the initial draft of v1.1, their many outreach engagements, and the 2016 and 2017 NIST-hosted Framework workshops.

The draft revision hopes to:

  • Enhance guidance for applying the Framework for supply chain risk management
  • Provide guidance on self-assessment of cybersecurity risk using the Framework
  • Clarify use of Implementation Tiers and their relationship to Profiles
  • Add the concept of identity proofing and authorization
  • Add the concepts of Coordinated Vulnerability Disclosure


NIST will be hosting two back-to-back webinars on December 20 at 2PM for a Framework 101 overview webinar – and at 3PM for a webinar about the Framework v1.1 and Roadmap updates. During the webinar NIST will be taking questions from the community and listening to stakeholder feedback.  For more information, an agenda, and to register, visit this page.