Skip to content

Brought to you by

Dentons logo

Privacy and Cybersecurity Law

Coverage and commentary on developments in data protection.

open menu close menu

Privacy and Cybersecurity Law

  • Home
  • About Us

NIST Releases Draft Update To Cybersecurity Framework

By Peter Stockburger
December 13, 2017
  • Cloud Computing
  • Data Breach
  • Enforcement
  • Government Information
  • Health Information Privacy
  • New and Proposed Laws
  • Privacy Rights
  • United States
Share on Facebook Share on Twitter Share via email Share on LinkedIn

In 2014, the National Institute of Standards and Technology (NIST) released its first version of the Framework for Improving Critical Infrastructure Cybersecurity (Cyber Framework). The Cyber Framework was originally developed as a voluntary framework to help private organizations and government agencies manage cybersecurity risk in the critical infrastructure space (e.g., bridges, power grid, etc.). Since then, it has been widely adopted across industry as a benchmark standard for measuring an enterprise’s cybersecurity readiness.

Following feedback NIST received in December 2015 from a Request for Information, and comments from attendees at the Cybersecurity Framework Workshop in 2016 held at the NIST campus in Maryland, NIST released a draft update to the Cyber Framework in January 2017 called Version 1.1. Some of the key changes in the draft update included:

  • Adding a new section on cybersecurity measurement to discuss the correlation of business results to cybersecurity risk management metrics and measures;
  • Expanding the use and understanding of cyber supply chain risk management frameworks;
  • Accounting for authentication, authorization, and identity proofing in the access control section of the framework; and
  • Better explaining the relationship between the various implementation tiers and profiles.

Last week, NIST released a second draft of Version 1.1, which is open for public comment through January 20, 2018. The new draft expands on issues such as supply chain security and vulnerability disclosure programs. It also emphasizes the need for companies using the framework to develop metrics to quantify their progress. NIST says it hopes to finalize Version 1.1 in the spring of 2018.

If you are interested in submitting comments on the new draft of Version 1.1, or learning more about its proposed changes that will likely take effect in 2018, the Dentons Privacy and Cybersecurity Group is ready to assist.

Dentons is the world’s largest law firm, a leader on the Acritas Global Elite Brand Index, a BTI Client Service 30 Award winner, and recognized by prominent business and legal publications for its innovations in client service, including founding Nextlaw Labs and the Nextlaw Global Referral Network. Dentons’ Privacy and Cybersecurity Group operates at the intersection of technology and law, and has been singled out as one of the law firms best at cybersecurity by corporate counsel, according to BTI Consulting Group.  

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Peter Stockburger

About Peter Stockburger

Peter Stockburger is a partner at Dentons, and is a member of the Firm’s global Employment, Intelligence and Strategic Services, and Data Privacy groups. Peter’s practice focuses on the unique intersection between cybersecurity, data privacy, employment law and complex commercial litigation.

All posts Full bio

RELATED POSTS

  • Enforcement
  • General
  • New and Proposed Laws
  • United States

US State Privacy Update: California Privacy Protection Agency Announces Revised Rulemaking Timeline Under The CPRA

By Peter Stockburger
  • Privacy Rights

Russia’s new data law

By Nick Graham
  • Data Transfers
  • New and Proposed Laws

Obama’s European Privacy Headache

Since the revelations of Edward Snowden, there has been a wave of data privacy repercussions in Europe. Snowden, the former […]

By Nick Graham

About Dentons

Dentons is designed to be different. As the world’s largest law firm with 20,000 professionals in over 200 locations in more than 80 countries, we can help you grow, protect, operate and finance your business. Our polycentric and purpose-driven approach, together with our commitment to inclusion, diversity, equity and ESG, ensures we challenge the status quo to stay focused on what matters most to you. www.dentons.com

Dentons boilerplate image

Twitter

Categories

  • Accountability
  • Asia Pacific
  • Canada
  • Cloud Computing
  • Consumer Protection
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Enforcement
  • Europe
  • General
  • Government Information
  • Health Information Privacy
  • Latin America
  • Marketing, Cookies & Spam
  • New and Proposed Laws
  • Privacy Notices
  • Privacy Rights
  • Record Retention
  • Smart Cities
  • United Kingdom
  • United States

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2022 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site