The National Institute of Standards and Technology (NIST) has released a draft of its update to the Risk Management Framework (RMF), designed to help federal agencies and companies safeguard their information systems from cyber threats. The update will help organizations respond appropriately to privacy risks, including the use of personally identifiable information.
What’s included in the update?
NIST Special Publication (SP) 800-37 Revision 2 provides cross-references outlining how the Cybersecurity Framework (CSF) aligns with current RMF steps. The update is intended to:
- Integrate privacy and security with systems development
- Bring senior leaders closer to operations
- Address supply chain-related concerns
- Equip organizations with a process to select controls from the consolidated catalog for privacy and security controls
NIST previously focused on protecting groups from external cybersecurity threats. “Until now, federal agencies had been using the RMF and CSF separately,” said NIST’s Ron Ross, one of the publication’s authors. “The update provides cross-references so that organizations using the RMF can see where and how the CSF aligns with the current steps in the RMF. Conversely, if you’re using the CSF, you can bring in the RMF and give your organization a robust methodology to manage security and privacy risks.”
NIST is soliciting public feedback on the RMF draft update until June 22, 2018. It plans to issue the final version in October.
Tie the NIST CSF and SP 800-37 Revision 2 with the ISO 27001 cybersecurity standard
ISO/IEC 27001:2013 (ISO 27001) is the international standard that describes best practice for an information security management system (ISMS ). Achieving accredited certification to ISO 27001 demonstrates that your company is addressing cybersecurity with best practice. ISO 27001 is compatible with the NIST CSF, and includes 114 security controls.
Our three-day, fully certificated, practitioner-led ISO27001 Certified ISMS Lead Implementer Online course will help you implement an ISMS aligned with ISO 27001, and demonstrate General Data Protection Regulation (GDPR) compliance.
Register for ISO27001 Certified ISMS Lead Implementer Online.