The National Institute of Standards and Technology (NIST), which helps America address critical cybersecurity challenges, often releases updates to its frameworks.
The compliance programs managed by NIST affect organizations across the public and private sectors alike, and industry-specific compliance programs commonly base their regulations on NIST guidelines. Thus, many organizations understand that remaining compliant with NIST’s guidelines requires ongoing effort.
NIST has announced or published a number of important changes over the past few months. Currently, the agency is preparing to release updates to Special Publication (SP) 800-171, which deals with contractors’ methods for protecting sensitive government data. Top researchers within the organization have also been hard at work identifying algorithms that protect against the new “quantum” attack methods that cyber criminals have been launching.
Perhaps of greater impact in the near term, however, is NIST’s latest revision to SP 800-37, which lays out the foundational Risk Management Framework (RMF) for information systems, individuals and organizations. The changes, published as Revision 2 of SP 800-37, come in response to the White House’s Executive Order 13800, which aims to strengthen critical infrastructure and federal networks.
Organizations aiming to stay compliant with RMF standards will be looking for guidance on the Revision 2 updates. To help, here’s a quick summary of the major changes:
- Greater responsibility for risk management initiatives within the C-suite and corporate governance.
- Greater institutional responsibility for risk management preparation at all levels.
- Integration of privacy risk management into the RMF.
- Alignment of lifecycle-based development initiatives with RMF tasks.
- Integration of supply-chain risk management into RMF guidelines.
- Introduction of a “prepare” step into the framework, which aims to simplify and automate RMF execution.
For many organizations, diving into the specifics of the revised publication and adopting them into their cybersecurity programs will take a focused effort. The support of an expert cybersecurity consultant can help significantly. Lunarline is a leading expert in NIST compliance programs and offers services and products ranging from education and planning support to software development.
To learn more about Lunarline and how we can help, contact us today.