The National Institute of Standards and Technology (NIST) has issued an update to its Framework for Improving Critical Infrastructure Cybersecurity, which includes information relating to managing supply chain risks, measuring methodology and reducing cybersecurity risks to organizations.
The new guidance includes feedback that NIST has received following the release of the Framework in 2012, as well as comments received from a Request for Information in 2015, and a recent workshop held in 2016.
According to NIST, the update includes the introduction of “the notion of cybersecurity measurement to get the conversation started […]. Measurements will be critical to ensure that cybersecurity receives proper consideration in a larger enterprise risk management discussion.”
The update will no doubt be early 2017 reading for CIOs and risk management folks.