NIST releases v1.1 of the Cybersecurity Framework

Hopefully by this point most are aware that NIST released after much work the updated version of the Cybersecurity Framework (CSF), now version 1.1.  This had been worked on over the last 2 years, was the topic of 2 workshops at NIST headquarters and produced 2 drafts.

It added one categories and 5-6 subcategories, and updated other items, like the information references.  They have also done a revamp of the website for the CSF, adding more resources there.  I do look forward to more informational references to be added, such as crosswalks to PCI-DSS, Standard of Good Practice, and others.

They have now announced that for 2018, instead of a workshop at NIST HQ, there will be a 3 day conference held in Baltimore in November.  Its now the “NIST Cybersecurity Risk Management Conference” and they have registration open along with a call for presentations.

I hope to attend the event, and based on what they are looking for from speakers, I think this will be a valuable conference.  As NIST is also working this year to update several documents related to FISMA, will be interesting how this affects this.  SP800-37 is scheduled to be released in October, and the final draft of SP800-53R5 is planned for October as well.

*** This is a Security Bloggers Network syndicated blog from Michael on Security authored by Michael R. Brown. Read the original post at: