Daily News

Draft NIST framework update revamps earlier measurement, supply chain language

December 06, 2017 |
Joshua Higgins Rick Weber
Bookmark and Share

The National Institute of Standards and Technology’s newly unveiled second draft of “version 1.1” of the federal framework of cybersecurity standards refocuses language on cyber metrics to emphasize internal assessments, while eliminating entirely guidance for federal agency adoption and adding new language on vulnerability disclosure, among other changes.

The updated framework addresses concerns raised by industry following the January release of the first draft of version 1.1, which prompted NIST to solicit more feedback on the draft and host...


Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on cybersecurity policy under the Trump administration.

Log in to access this content.