NIST Seeks Comment on Risk Management Framework Discussion Draft for Systems
The National Institute of Standards and Technology is floating a draft updating guidelines for applying the risk management framework to information systems and organizations. A Thursday notice said the update to Special Publication (SP) 800-37, Revision 2 would provide closer…
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
linkage and communication between corporate-level risk management processes to operations and system activities, would demonstrate how NIST's Cybersecurity Framework can be implemented using the agency's risk management processes, and would integrate privacy concepts. It said institutionalizing risk-management preparatory activities would help identify and develop security and privacy baselines, reduce complexity of IT infrastructure and prioritize assets. NIST seeks comments by Oct. 3, anticipates publishing an initial public draft in November, a final draft in January and a final document in March.