2 Feb 2017
On January 10, NIST has released a draft update of its Cybersecurity Framework.
The new draft is focused on managing cyber supply chain risks and introducing measurement methods for cyber security to help organizations reduce their risks.
New provisions for assessing the cybersecurity risk posed by third-party vendors and a new section on measuring the cost effectiveness of cybersecurity programs are also included.
In particular, the new draft includes considerations for vendor risk management and includes practical guidance for businesses to:
- determine cybersecurity requirements for suppliers and partners
- enact cybersecurity requirements through contracts
- communicate to suppliers and partners how those cybersecurity requirements will be verified and validated
- verify that cybersecurity requirements are met
The new version of NIST frmework also includes recommended metrics and measurements that organizations can use to evaluate the “relative cost effectiveness of various cybersecurity activities” and how those cybersecurity activities impact business objectives.
NIST has invited public comment on the draft (deadline April 10, 2017) to realease a final version in fall 2017.
Source: www.nist.gov
© Copyright 2021 - CYBERWISER.eu has received funding from the European Union’s Horizon 2020 research and innovation programme under the Grant Agreement no. 786668. The content of this website does not represent the opinion of the European Union, and the European Union is not responsible for any use that might be made of such content.