Skip to main content
Skip global navigation and go to main content

Cybersecurity Framework updated to protect industries vital to national, economic security

Framework flexible enough for adoption across wide range of industries

Posted April 20, 2018

The National Institute of Standards and Technology (NIST) updated its Framework for Improving Critical Infrastructure Cybersecurity, which is better known as the Cybersecurity Framework. Commerce Secretary Wilbur Ross said the framework “should be every company’s first line of defense.”

NIST developed the Cybersecurity Framework to help industries that are vital to national and economic security recognize and protect themselves from cyber threats. Industries such as backing, energy, communications, defense, and chemical manufacturing are particularly threatened by cyber criminals. However, according to NIST, the framework is flexible enough to be adopted by companies and organizations across all industry sectors, as well as federal, state, and local governments.

Version 1.1, the newest version of the framework updates the following sections:

  • Authentication and identity;
  • Self-assessing cybersecurity risk;
  • Managing cybersecurity within the supply chain; and
  • Vulnerability disclosure.

On April 27, 2018, NIST will host a free public webcast to explain Version 1.1. In addition, NIST will host a Cybersecurity Risk Management Conference focusing on the framework on November 6-8, 2018, in Baltimore, Maryland. NIST also intends to release an updated companion document called The Roadmap for Improving Critical Infrastructure Cybersecurity.

The Cybersecurity Framework, developed in 2014 in response to Executive Order 13636, Improving Critical Infrastructure Cybersecurity, consists of standards, guidelines, and practices to help owners and operators of critical infrastructure manage cybersecurity-related risk.

NIST points out that cybersecurity threats to the nation’s critical infrastructure systems jeopardize the country’s security, economy, and public safety and health. Along with financial and reputational risks, cybersecurity risk affects a company’s bottom line. It can drive up costs and affect revenue. It can also harm a company’s ability to innovate and to attract and maintain customers.

NIST is a non-regulatory agency of the U.S. Department of Commerce tasked with promoting innovation and industrial competitiveness through measurement science, standards, and technology. Other help for critical infrastructure owners and operators is available through the Department of Homeland Security, which offers the Critical Infrastructure Cyber Community C3 Voluntary Program. The program links owners and operators with existing resources to help them use the Cybersecurity Framework.

J. J. Keller Safety Management SuiteThe J. J. Keller® Safety Management Suite, formerly KellerOnline®, provides safety professionals with the tools and applications to help drive performance, reduce risk, and ensure compliance.


J. J. Keller's FREE Workplace SafetyClicks™ email newsletter brings quick-read workplace safety and compliance news right to your email box.

Sign up to receive Workplace SafetyClicks™.