On December 5, the National Institute of Standards and Technology (NIST), part of the US Department of Commerce, released an update to its “Framework for Improving Critical Infrastructure Cybersecurity” (Framework). Released in February 2014, the Framework is intended to provide guidance for reducing cybersecurity risks to organizations in critical infrastructure sectors (energy, transportation, and communications, among others). The recent update provides a summary of public comments received by NIST regarding the Framework as well as the results of a recent government-private sector workshop. Specific topics addressed in the update include sectorspecific tools, guides, products, standards and services by various organizations in their cybersecurity risk management activities.

NIST Framework Update