Line 65: |
Line 65: |
| The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program helps owners and operators align their organizations with the framework and manage their cyber risks. | | The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program helps owners and operators align their organizations with the framework and manage their cyber risks. |
| | | |
− | ===Version 2.0=== | + | ===Version 1.1=== |
| + | On April 16, 2018, NIST released the updates to version 1.0, which:<ref>[https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf Description of CF Version 1.1]</ref> |
| + | # Clarified that compliance terminology, |
| + | # Added Section on Self-Assessing Cybersecurity Risk, |
| + | # Expanded Section 3.3 on Communicating how to use Cyber Supply Chain Risk Management (SCRM), |
| + | # Added the Section 3.4 Buying Decisions, which highlights understanding the risk associated with commercial off-the-shelf products and services, |
| + | # Added Cyber SCRM criteria to the Tiers, |
| + | # Added Supply Chain Risk Management Category to the Framework Core, |
| + | # Refined the language of the Access Control Category to better account for authentication, authorization, and identity proofing, |
| + | # Explained the relationship between Tiers and Profiles, |
| + | # Integrated Framework considerations within organizational risk management programs, and |
| + | # Included a subcategory for coordinated vulnerability disclosure lifecycle. |
| | | |
| ==References== | | ==References== |
| | | |
| [[Category:Government Agencies]] | | [[Category:Government Agencies]] |