NIST Releases Version 1.1 of its Popular Cybersecurity Framework

The US Commerce Department’s National Institute of Standards and Technology (NIST) has released version 1.1 of its popular Framework for Improving Critical Infrastructure Cybersecurity, more widely known as the Cybersecurity Framework. The framework was developed with a focus on industries vital to national and economic security, including energy, banking, communications and the defense industrial base. It has since proven flexible enough to be adopted voluntarily by large and small companies and organizations across all industry sectors, as well as by federal, state and local governments. Version 1.1 includes updates on:

  • authentication and identity,
  • self-assessing cybersecurity risk,
  • managing cybersecurity within the supply chain and
  • vulnerability disclosure.

The changes to the framework are based on feedback collected through public calls for comments, questions received by team members, and workshops held in 2016 and 2017. Two drafts of Version 1.1 were circulated for public comment to assist NIST in comprehensively addressing stakeholder inputs.


NIST Releases Version 1.1 of its Popular Cybersecurity Framework