NIST Cybersecurity Framework Version 1.1 Released

by | Apr 26, 2018

The National Institute of Standards and Technology published an updated version of its Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) on April 16, 2018.

The Cybersecurity Framework was first made available in February 2014 and has been widely adopted by critical infrastructure owners and public and private sector companies to assist in their cybersecurity programs. While intended for use by critical infrastructure businesses, the flexibility of the framework means it can also be used by a wide range of businesses, large and small, including healthcare groups.

The Cybersecurity Framework incorporates guidelines, standards, and best practices and provides a flexible approach to cybersecurity. The Framework can be used in many ways, with ample room for customization. It helps groups tackle different threats and weaknesses and accommodates various levels of risk tolerance.

The Framework was formulated to be a living document that can be updated and improved over time in response to feedback from users, changing best practices, new threats, and evolution in technology. The new version is the first significant update to the framework since 2014 and the result of two years of development.

NIST’s Matt Barrett, program manager for the Cybersecurity Framework, remarked that the latest version “refines, clarifies and enhances version 1.0.” While several amendments have been made in version 1.1, Barrett outlined, “It is still flexible to meet an individual organization’s business or mission needs and applies to a wide range of technology environments such as information technology, industrial control systems and the Internet of Things.”

Version 1.1 of the Cybersecurity Framework includes a range of updates in response to comments and feedback submitted in 2016 and 2017 from organizations that have already implemented the Framework.

Version 1.1 sees refinements to the guidelines on authentication, authorization and identity proofing and an improved explanation of the relationship between implementation tiers and profiles. The Framework's treatment of Cyber Supply Chain Risk Management has been significantly expanded and there is a new section on self-assessment of cybersecurity risk. The section on disclosure of vulnerabilities has also been expanded, with a new subcategory added covering the vulnerability disclosure lifecycle.

“Cybersecurity is critical for national and economic security,” commented Secretary of Commerce Wilbur Ross. “The voluntary NIST Cybersecurity Framework should be every company’s first line of defense. Adopting version 1.1 is a must do for all CEO’s.”

NIST is also aiming to release a companion ‘Roadmap for Improving Critical Infrastructure Cybersecurity’ later in 2018 and will be hosting a webinar later this month to explain the version 1.1 updates to the Framework.


Patrick Kennedy
