Lauded as a successful and flexible Cybersecurity Framework, National Institute of Standards and Technology (NIST) has been widely adopted by industries across both the private and public sector. Today, NIST will host a public webcast explaining the updates released by the US Commerce Department, NIST Version 1.1.
Since its inception, countless organizations have used the tool to manage their cyber risk, many of whom have shared their perspective on how NIST has enabled them to bring stakeholders together to manage risk. “According to Gartner, the framework is now used by 30% of US organizations and is projected to reach 50% by 2020,” said Nozomi Networks president and CEO Edgard Capdevielle.
Infrastructure giants from Bank of America, U.S. Bank and Pacific Gas and Electric, as well as Intel, Apple, AIG, QVC, Walgreens and Kaiser Permanente, are among those who have applied the existing framework. Countries across the globe from Italy to Israel and Uruguay have either adopted NIST or established their own version of the frameworks.
According to Capdevielle, “The updates to authentication and identity, self-assessing cybersecurity risk and management and vulnerability disclosure will help encourage broader adoption of the Cybersecurity Framework and cultivate a culture of innovation through transparency that the industrial and cybersecurity community could definitely use more of.”
The evolution of the threat landscape and technologies that put today’s digital enterprise at risk demanded that the framework be revisited. This update refines, clarifies and enhances the first Version 1.0, said Matt Barrett, program manager for the Cybersecurity Framework.
“It is still flexible to meet an individual organization’s business or mission needs, and applies to a wide range of technology environments such as information technology, industrial control systems and the Internet of Things,” Barrett said.
As an example of the positive impact NIST has across industries, the Transportation Security Administration (TSA) has released an update to its Pipeline Security Guidelines that was directly influenced by NIST’s framework.
Additional events on the NIST calendar this year include a Cybersecurity Risk Management Conference in Baltimore, Maryland, this fall. Those looking for additional guidance for the new frameworks can find helpful information on the Cybersecurity Framework website.