The International Standards Organization (ISO), in conjunction with the International Electrotechnical Commission (IEC), has published ISO/IEC 27110: Information technology, cybersecurity and privacy protection — Cybersecurity framework development guidelines. This document specifies guidelines for developing a cybersecurity framework. The guidelines specify that all cybersecurity frameworks should have the following concepts: Identify, Protect, Detect, Respond, Recover.
NIST is pleased to announce the release of NISTIR 8323 Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. The PNT Profile was created by using the NIST Cybersecurity Framework and can be used as part of a risk management program to help organizations manage risks to systems, networks, and assets that use PNT services.
Check out Kevin Stine’s latest blog (2021: What’s Ahead from NIST in Cybersecurity and Privacy?) which highlights NIST's decision to focus on nine priority areas over the next several years.
Check out the Cybersecurity Framework International Resources page, where we added a new resource category (Additional Guidance) and another resource (The Coalition to Reduce Cyber Risk's Seamless Security: Elevating Global Cyber Risk Management Through Interoperable Frameworks).
NIST has released Draft NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), for public comment. This report promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches. The public comment period closes on April 20, 2020. See the publication details for a copy of the draft and instructions for submitting comments.
NIST has published NISTIR 8170, Approaches for Federal Agencies to Use the Cybersecurity Framework. It provides guidance on how the Cybersecurity Framework can be used in the U.S. Federal Government in conjunction with the current and planned suite of NIST security and privacy risk management publications.
Given the growing global concern over the spread of the coronavirus (COVID-19), it is in the best interest of the attendees, speakers, and staff to cancel this year’s NIST Advancing Cybersecurity Risk Management Conference. Please stay tuned for future opportunities to engage, including potential virtual events.
A draft revision of NISTIR 8183, the Cybersecurity Framework (CSF) Manufacturing Profile, has been developed that includes the subcategory enhancements established in NIST's Framework Version 1.1. The public comment period for this document ends May 4, 2020.
Thank you to all who attended #RSAC2020 and had a chance to chat/interact with our team #NISTatRSAC! If you were unable to attend, be sure to check out the NCCoE session recaps: https://www.nccoe.nist.gov/events/rsa-conference-2020
In case you missed it, check out the recording of the "Promoting Cyber Interoperability: The Path Forward" event hosted by CSIS.
Version 1.0 of the voluntary @NIST #Privacy Framework was just released! Check it out and consider adopting today.
Consider registering for the Privacy Framework Webinar on January 29th, which will talk about its relationship with the Cybersecurity Framework. Also, consider the upcoming NICE Webinar, also on January 29th, which will talk about learning principles for cybersecurity practice.
The NIST director's remarks on Cybersecurity and Privacy updates at RSA are now available.
Come check us out at RSA!
Check out our new infographic which highlights the impact the Framework has had across industry.
Happy Anniversary! It has been five years since the release of the Framework for Improving Critical Infrastructure Cybersecurity and organizations across all sectors of the economy are creatively deploying this voluntary approach to better management of cybersecurity-related risks.
The Framework has now been downloaded more than half a million times, with Version 1.1 eclipsing a quarter million downloads in just over nine months!
New Success Stories demonstrate how several diverse organizations all leverage the Cybersecurity Framework differently to improve their cybersecurity risk management.
Registration for the 2018 NIST Cybersecurity Risk Management Conference -- to be held November 7-9, 2018, at the Renaissance Baltimore Harborplace Hotel, in Baltimore, Maryland -- is now open. Sponsored by NIST, the three-day conference is expected to attract leaders from industry, academia, and government at all levels, including international attendees.
A recording of the July 9th webcast: 'Lessons Learned in Using the Baldrige Cybersecurity Excellence Builder with the Cybersecurity Framework' is now available. It can be found HERE.
Save the Date: NIST plans to host the Cybersecurity Risk Management Conference -- likely in Baltimore, MD -- during the week of November 4th. This event will expand on previous Framework workshops and incorporate other elements of cybersecurity risk management. Stay tuned!
Version 1.1 of the Framework was published on April 16, 2018. The document has evolved to be even more informative, useful, and inclusive for all kinds of organizations. Version 1.1 is fully compatible with Version 1.0 and remains flexible, voluntary, and cost-effective. Among other refinements and enhancements, the document provides a more comprehensive treatment of identity management and additional description of how to manage supply chain cybersecurity.
The recorded version of the April 27th webcast is available.
Success Stories regarding Framework use and implementation have been added to the website! Our first Success Story comes from the University of Chicago; check it out HERE!
Start Using the Baldrige Cybersecurity Tool: Here's Help. First, the Information Security Team of the University of Kansas Medical Center (KUMC) began using the Baldrige Cybersecurity Excellence Builder (BCEB) -- which is a voluntary self-assessment tool based on the Cybersecurity Framework. Learn about their experience at: https://www.nist.gov/blogs/blogrige/start-using-baldrige-cybersecurity-tool-heres-help
Also, the next Baldrige Cybersecurity Excellence Builder Workshop will be held April 8, 8:30-3:30 pm, in Baltimore, MD. It's a practical, interactive workshop on using the Baldrige Cybersecurity Excellence Builder (BCEB). Details at: https://www.nist.gov/baldrige/qe/baldrige-cybersecurity-excellence-builder-workshop
RFC comments received on Draft 2 of Framework Version 1.1 and the Roadmap are now being reviewed. All responses will be published publicly in the coming weeks. NIST appreciates your feedback and, as always, any additional comments can be directed to email@example.com.
Update on the Cybersecurity Framework July 1, 2015
Update on the Cybersecurity Framework December 5, 2014
Update on the Cybersecurity Framework July 31, 2014
Update on Development of the Cybersecurity Framework January 15, 2014
Update on Development of the Cybersecurity Framework December 4, 2013
Update on Development of the Cybersecurity Framework July 24, 2013