Cybersecurity Framework 1.1 Draft

The NIST Released its Cybersecurity Framework 1.1 draft today and you can find it here found here.

NIST Cybersecurity Framework Draft 1.1
Cybersecurity Framework 1.1 with comments
Cybersecurity Framework 1.1 draft excel

From Cybersecurity Framework 1.1 Draft

The draft Version 1.1 of Cybersecurity Framework refines, clarifies, and enhances the predecessor version 1.0 Version 1.1 can be implemented by first time and current Framework users. Current users can implement Version 1.1 with minimal or no disruption, as refinements were made with the objective of being compatible with Version 1.0. As with Version 1.0, use of the Version 1.1 is voluntary.  Users of Version 1.1 are invited to customize the Framework to maximize organizational value. The impetus to change and the proposed changes were collected from:

• Feedback and frequently asked questions to NIST since release of Framework Version 1.0 in February 2014,
• 105 responses to the December 2015 request for information (RFI), Views on the Framework for Improving Critical Infrastructure Cybersecurity, and
• Comments provided by approximately 800 attendees at a workshop held in Gaithersburg, Maryland on April 6-7, 2016. In addition, NIST previously released Version 1.0 of the Cybersecurity Framework with a companion document, NIST Roadmap for Improving Critical Infrastructure Cybersecurity. This Roadmap highlighted key “areas of improvement” for further “development, alignment, and collaboration.”  Through both private and public sector efforts, some areas of improvement have advanced enough to be included in the Framework Version 1.1