On April 16, 2018, the National Institute of Standards and Technology (“NIST”) released Version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). Although the Framework is drafted to protect complex critical infrastructure vital to national and economic security, companies of all sizes have adopted the Framework as industry standards and best practices to protect against cybersecurity threats and infiltration. In addition, on May 11 2017, President Trump issued an Executive Order directing all federal agencies to follow the Framework.
NIST first published the original Framework, Version 1.0, in 2014 and released two drafts of Version 1.1 for public comment (additional reporting on the draft Version 1.1 is available here). The final Version 1.1 includes several key updates, including:
To complement Version 1.1 of the Framework, NIST intends to release an update to the Roadmap for Improving Critical Infrastructure Cybersecurity (the “Roadmap”) later this year. The Roadmap, a companion document to the Framework, describes NIST’s plans for future iterations of the Framework and identifies key areas of development, alignment, and collaboration.
NIST will host a free webinar explaining the details of Version 1.1 of the Framework on April 27, 2018 at 1:00pm EST. NIST will also feature the recent updates to the Framework at its Cybersecurity Risk Management Conference in Baltimore, Maryland this November.
Companies of all sizes should carefully review the updated Framework and consider implementing the suggested best practices. Our firm is available to answer questions about the new Framework and assess contractor compliance with related cybersecurity regulations.