14,952
edits
Changes
National Institute of Standards and Technology (view source)
Revision as of 17:20, 20 July 2021
, 3 years ago→Version 2.0
The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program helps owners and operators align their organizations with the framework and manage their cyber risks.
The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program helps owners and operators align their organizations with the framework and manage their cyber risks.
===Version 2.0===
===Version 1.1===
On April 16, 2018, NIST released the updates to version 1.0, which:<ref>[https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf Description of CF Version 1.1]</ref>
# Clarified that compliance terminology,
# Added Section on Self-Assessing Cybersecurity Risk,
# Expanded Section 3.3 on Communicating how to use Cyber Supply Chain Risk Management (SCRM),
# Added the Section 3.4 Buying Decisions, which highlights understanding the risk associated with commercial off-the-shelf products and services,
# Added Cyber SCRM criteria to the Tiers,
# Added Supply Chain Risk Management Category to the Framework Core,
# Refined the language of the Access Control Category to better account for authentication, authorization, and identity proofing,
# Explained the relationship between Tiers and Profiles,
# Integrated Framework considerations within organizational risk management programs, and
# Included a subcategory for coordinated vulnerability disclosure lifecycle.
==References==
==References==
[[Category:Government Agencies]]
[[Category:Government Agencies]]