Organizations looking for details on reducing cybersecurity risks can now view a draft update to the "Framework for Improving Critical Infrastructure Cybersecurity" from the National Institute of Standards and Technology (a.k.a. NIST's Cybersecurity Framework).
First published in February 2014, the Cybersecurity Framework offers voluntary guidance for those managing the cybersecurity of critical infrastructure such as bridges, the electric power grid, etc.
Feedback on the first draft was received from industry, academia and government agencies. Comments integrated in the 2017 draft include new details on managing cyber supply chain risks, plus clarification of key terms (particularly in regards to accounting for authentication, authorization and identity proofing) and an introduction of measurement methods for cybersecurity.
NIST says that the refinements and enhancements to the Cybersecurity Framework can be implemented with minimal or no disruption.
The deadline to send comments on version 1.1 is April 10, 2017. Feedback can be directed to cyberframework@nist.gov.