National Institute of Standards and Technology: Difference between revisions
Line 65: | Line 65: | ||
The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program helps owners and operators align their organizations with the framework and manage their cyber risks. | The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program helps owners and operators align their organizations with the framework and manage their cyber risks. | ||
===Version | ===Version 1.1=== | ||
On April 16, 2018, NIST released the updates to version 1.0, which:<ref>[https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf Description of CF Version 1.1]</ref> | |||
# Clarified that compliance terminology, | |||
# Added Section on Self-Assessing Cybersecurity Risk, | |||
# Expanded Section 3.3 on Communicating how to use Cyber Supply Chain Risk Management (SCRM), | |||
# Added the Section 3.4 Buying Decisions, which highlights understanding the risk associated with commercial off-the-shelf products and services, | |||
# Added Cyber SCRM criteria to the Tiers, | |||
# Added Supply Chain Risk Management Category to the Framework Core, | |||
# Refined the language of the Access Control Category to better account for authentication, authorization, and identity proofing, | |||
# Explained the relationship between Tiers and Profiles, | |||
# Integrated Framework considerations within organizational risk management programs, and | |||
# Included a subcategory for coordinated vulnerability disclosure lifecycle. | |||
==References== | ==References== | ||
[[Category:Government Agencies]] | [[Category:Government Agencies]] |
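Review bot: the first item of the new numbered list, "Clarified that compliance terminology," is a fragment that never says what was clarified, so a reader cannot tell what changed about compliance language in version 1.1. Complete that item from the cited NIST document. The second item, "Added Section on Self-Assessing Cybersecurity Risk," should carry its section number the way the items for Section 3.3 and Section 3.4 do. The lead-in "released the updates to version 1.0, which:" would also read better if it agreed grammatically with the past-tense items that follow.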