The Introduction to the Framework Roadmap learning module seeks to inform readers about what the Roadmap is, how it relates to the Framework for Improving Critical Infrastructure Cybersecurity ("The Framework"), and what the Roadmap Areas are.
Introduction to the Roadmap
The Roadmap is a companion document to the Cybersecurity Framework. The Roadmap, while not exhaustive in describing all planned activities within NIST, identifies key activities planned for improving and enhancing the Cybersecurity Framework. These activities may be carried out by NIST in conjunction with private and public sector organizations – or by those organizations independently. While the Roadmap is focused on activities around the Cybersecurity Framework, the results of work described in the Roadmap are expected to be useful to a broader audience to improve cybersecurity risk management.
Roadmap Areas for Development
The Roadmap continues to evolve with the Cybersecurity Framework. Roadmap Version 1.1 identifies 14 high-priority areas for development, alignment, and collaboration.
The 14 areas are:
- Confidence Mechanisms
- Cyber-Attack Lifecycle
- Cybersecurity Workforce
- Cyber Supply Chain Risk Management
- Federal Agency Cybersecurity Alignment
- Governance and Enterprise Risk Management
- Identity Management
- International Aspects, Impacts, and Alignment
- Measuring Cybersecurity
- Privacy Engineering
- Referencing Techniques
- Small Business Awareness and Resources
- Internet of Things (IoT)
- Secure Software Development
More information regarding each of these areas is included within the Roadmap located at Framework - Related Efforts.