The NIST Cybersecurity Framework seems to be the top choice of information security leaders across North America.
Tim Callahan, Global Chief Security Officer at Aflac, told us on a recent SecureWorld Sessions podcast why Aflac is a NIST shop:
"I think by adopting that [NIST CSF] we become defensible in saying 'We've taken a standard that was meant for critical infrastructure, although we're not that, we're applying that standard to our company and infusing it with other applicable criteria.' It gives us and the board a simple way to measure progress toward our goal and maintain that progress. So that's why we adopted it."
Now, NIST has given one of the framework's supporting documents a significant update.
The update is titled Security and Privacy Controls for Information Systems and Organizations.
NIST says the publication provides a catalog of safeguards for all types of platforms, from general-purpose computers to industrial control systems (ICS) to Internet of Things (IoT) devices.
And NIST says it is intended for a broad audience of security experts, systems developers, and even cloud computing platforms.
"Our objective is to make the information systems we depend on more resistant to cyberattacks," said NIST's Ron Ross, one of the publication's authors. "We want to limit the damage from those attacks when they occur, make the systems cyber-resilient, and at the same time protect the security and privacy of information."
Although there are many changes throughout the controls catalog, NIST highlights nine significant shifts in this update:
You can download the document and even comment before the final version is approved: Security and Privacy Controls for Information Systems and Organizations.
Also, if you want to hear more from Aflac CSO Tim Callahan, including how he went from disarming bombs to leading cybersecurity, check out the podcast episode: