NIST Seeks Comment on Risk Management Framework Discussion Draft for Systems
The National Institute of Standards and Technology is floating a draft updating guidelines for applying the risk management framework to information systems and organizations. A Thursday notice said the update to Special Publication (SP) 800-37, Revision 2 would provide closer linkage and communication between corporate-level risk management processes and operations and system activities, would demonstrate how NIST's Cybersecurity Framework can be implemented using the agency's risk management processes, and would integrate privacy concepts. It said institutionalizing risk-management preparatory activities would help identify and develop security and privacy baselines, reduce the complexity of IT infrastructure and prioritize assets. NIST seeks comments by Oct. 3 and anticipates publishing an initial public draft in November, a final draft in January and a final document in March.