Augmenting its efforts to protect the nation’s critical assets from cybersecurity threats as well as protect individuals’ privacy, the National Institute of Standards and Technology has issued a draft update to its Risk Management Framework to help organizations more easily meet these goals.
NIST Special Publication 800-37 is a guidance document designed to help organizations assess and manage risks to their information and systems. Previous versions were primarily concerned with cybersecurity protections from external threats.
The updated version adds an overarching concern for individuals’ privacy, helping to ensure that organizations can better identify and respond to these risks, including those associated with using individuals’ personally identifiable information.
The update will interest federal agencies and contractors that do business with them, as it connects with NIST’s well-known Cybersecurity Framework, highlighting relationships that exist between the two documents.