The National Institute of Standards and Technology's (NIST) updated Cybersecurity Framework, scheduled for release later this year, should provide some welcome new advice for organizations struggling to manage cyber-risk in the current threat environment.
The key areas where the framework will provide guidance is about supply chain risks, identity management and cybersecurity risk assessment and measurement. NIST released two draft framework updates containing the changes last year - the second in December 2017. It is currently reviewing public comments and will release a finalized version in the spring.