Draft NIST framework update revamps earlier measurement, supply chain language

The National Institute of Standards and Technology’s newly unveiled second draft of “version 1.1” of the federal framework of cybersecurity standards refocuses language on cyber metrics to emphasize internal assessments, while eliminating entirely guidance for federal agency adoption and adding new language on vulnerability disclosure, among other changes.

The updated framework addresses concerns raised by industry following the January release of the first draft of version 1.1, which prompted NIST to solicit more feedback on the draft and host...