. https://www.itgovernanceusa.com/blog/nist-releases-updated-version-of-the-cybersecurity-framework/
blog article
After circulating a draft in December and accepting feedback, on April 16, 2018, the US Department of Commerce’s National Institute of Standards and Technology (NIST) released version 1.1 of its Cybersecurity Framework (CSF). Formally titled “Framework for Improving Critical Infrastructure Cybersecurity,” the CSF is noted for its clearly written, thorough, and flexible approach to cybersecurity. NIST originally developed the Framework to protect US critical infrastructure sectors including energy, financial services, and transportation systems. However, NIST reports that the CSF “has since proven flexible enough to be adopted voluntarily by large and small companies and organizations across all industry sectors, as well as by federal, state and local governments. ”The CSF continues to be a collaborative effort – NIST made a public call for changes and held workshops throughout 2016–2017 – with stakeholders from government, industry, and academia contributing. Version 1.1 includes refinements, clarifications, and enhancements, but has no fundamental changes. As pointed out in the introduction of the updated CSF, “compatibility with Version 1.0 has been an explicit objective.” NIST posted the process used to update the Framework on its dedicated website. READ MORE