A companion document to the National Institute of Standards and Technology (NIST) cybersecurity framework sets forth the roadmap and agenda for further enhancement and revision of the framework, and for the development, alignment and collaboration of cybersecurity-related activities and responses.
The purpose of the National Institute of Standards and Technology (NIST) cybersecurity framework is to bring structure to cybersecurity organization and to set forth best practices and standards. Its five core functions are to Identify, Protect, Detect, Respond and Recover from cybersecurity attacks. NIST is a part of the U.S. Department of Commerce.
Excerpts from the companion document appear below:
This companion Roadmap to the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework or the Framework) describes the National Institute of Standards and Technology’s (NIST’s) next steps with the Framework, and identifies key areas of development, alignment, and collaboration. This Roadmap reflects revisions to the original planning document released in February 2014 when Version 1.0 of the Framework was released, and contains updates corresponding with Framework Version 1.1 issued in April 2018.
Focus Areas
NIST has identified and targeted several focus areas for continued coordination and collaboration of cybersecurity guidelines and principles:
- Federal Agency Cybersecurity Alignment;
- International Aspects, Impacts, and Alignment;
- Small Business Awareness and Resources.
Among others, the areas on which NIST currently places a high priority for development, alignment and collaboration are:
5.1. Confidence Mechanisms
5.2. Cyber-Attack Lifecycle
5.3. Cybersecurity Workforce
5.4. Cyber Supply Chain Risk Management
5.5. Governance and Enterprise Risk Management
5.6. Identity and Access Management
5.7. Internet of Things
5.8. Measuring Cybersecurity
5.9. Privacy Engineering
5.10. Referencing Techniques
5.11. Secure Software Development