NIST: Cybersecurity Framework Won’t Be Updated Next Year

Corporate Counsel Weekly™ helps corporate lawyers get the big picture on the legal challenges facing corporations today. Practitioners can discover trends on the horizon and stay alert to the full...

Dec. 12 — The National Institute of Standards and Technology has no plans to modify or release new versions of its cybersecurity framework within the next year, according to a Dec. 5 update from NIST on the implementation of the framework.

“There was widespread agreement among participants that it is too early to update the Framework and that more time is needed to understand and use the current version,” NIST said.

In February, NIST finalized a voluntary framework of cybersecurity best practices for the private sector pursuant to an executive order signed in 2013 by President Barack Obama (28 CCW 61, 2/20/13).

In August, NIST published a request for information, launching a 45-day comment period on the private sector's experience so far with using the framework.

NIST's latest update summarizes both the request for information responses and feedback from the last workshop held in October.