Wednesday, March 8, 2017

News on NIST's update to Cybersecurity Framework

As I have previously posted, and hopefully most are aware, NIST (National Institute of Standards and Technology) has released a draft for an update of the Cybersecurity Framework (CSF), to be v1.1.

Recently NIST held 2 webinars on the CSF, each an hour long.  One was an overview, and the other on the proposed updates.  The webinars had a limited number that could watch them live, but they have now put up the videos on their website.  Both are good to watch.

They have also released that they plan another Workshop, again at NIST Headquarters, on this proposed update.  The intention is similar to the previous Workshop- to go over the feedback they are receiving (soon to close) on the proposed update, and gather further feedback.  At this point the date is know: May 16 & 17.

The plan is still to release the final v1.1 in the Fall of 2017.

As always, you can find all this information on NIST's page on the CSF HERE.

Now.  Another interesting this was a proposal in Congress to have NIST audit federal agencies for their implementation of the Framework.  You can read the article HERE.  Now, I recommend reading the article first.  At this point its just a proposal that came out of a House Committee.  Needs a long way to go before its law.  But others have an issue with this, which I agree with.  NIST shouldn't be auditing anyone.  Setting down a protocol for audits?  Ok.  But leave it to others (agencies, etc) to do the auditing.  I also wonder why federal agencies should be expending such energy doing this when they have to implement FISMA.  Seems like an extra burden for them.

No comments:

Post a Comment