Government Contracts Monitor

NIST Releases Cybersecurity Framework Version 1.0

February 20, 2014

On February 12, 2014, the National Institute of Standards and Technology (“NIST”) released the long-awaited Cybersecurity Framework Version 1.0. According to NIST, “The framework allows organizations—regardless of size, degree of cyber risk or cybersecurity sophistication—to apply the principles and best practices of risk management to improve the security and resilience of critical infrastructure.”

As previously reported here, NIST released a preliminary version in October and sought public comments. Version 1.0 incorporates those comments, although very few substantive changes were made. The largest substantive change from the preliminary version is a revised methodology to protect privacy and civil liberties. NIST describes the framework as a “living” document that will be continually updated to keep pace with the changes in technology, threats and other factors, as well as to incorporate lessons learned from its use. NIST also released a "Roadmap" to accompany the framework that lays out the path to future versions and describes ways to identify and address key areas for cybersecurity development, alignment and collaboration.

NIST’s announcement of the Framework can be found in its entirety here.

Katie Calogero is the attorney responsible for the content of this article.