In April, the National Institute of Standards and Technology (NIST) released its latest version of the Cybersecurity Framework (CSF). The new version includes updates on:

• Authentication and identity,
• Self-assessing cybersecurity risk,
• Managing cybersecurity within the supply chain and
• Vulnerability disclosure.

As all federal agencies are mandated to use the Framework, the call for the private sector to adopt the CSF is growing louder. Recently, the Senate Homeland Security and Government Affairs Committee was advised by Eric Rosenbach, Harvard researcher and former DOD official, that “Congress should mandate that critical infrastructure providers adopt the NIST Cybersecurity Framework…”[i]

As a member of the working group that created the CSF, BSI understands the spirit and letter of the Framework and is the only certification body able to offer certification.

[i] Miller, Maggie, Inside Cybersecurity, April 24, 2018.