Framework for Improving Critical Infrastructure Cybersecurity Version 1.1

Published: April 16, 2018


Matthew P. Barrett


This publication describes a voluntary risk management framework ("the Framework") that consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Framework's prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security. This release, Version 1.1, includes a number of updates from the original Version 1.0 (from February 2014), including: a new section on self-assessment; expanded explanation of using the Framework for cyber supply chain risk management purposes; refinements to better account for authentication, authorization, and identity proofing; explanation of the relationship between implementation tiers and profiles; and consideration of coordinated vulnerability disclosure. Complete information about the Framework is available at
Citation: NIST Cybersecurity Framework
Pub Type: Websites


critical infrastructure, cybersecurity, cybersecurity framework, risk management
Created April 16, 2018, Updated November 10, 2018