The U.S. National Institute of Standards and Technology (NIST) released a second draft of the Framework for Improving Critical Infrastructure Cybersecurity. According to NIST, the national and economic security of the United States depends on the reliable functioning of critical infrastructure. Toward that end, NIST has issued a Framework, dating back to 2014, that focuses on using business drivers to guide cybersecurity activities and considering cybersecurity as part of an organization’s risk management process.
The second draft of the Framework has changes to existing risk self-assessment guidelines, and new guidelines on authorization, authentication, identity proofing and vulnerability disclosure. The second draft of the Framework may be accessed by clicking here.