Cybersecurity

NIST pushes on next version of Risk Management Framework

security

The National Institute of Standards and Technology is working hard to get critical privacy controls worked into the next version of its risk management framework by the end of the year, said one of the initiative’s primary managers.

“We’re in a full-court press” to get a variety of critical changes made to NIST’s Risk Management Framework 2.0, NIST Fellow Ron Ross told FCW.

NIST, he said, plans to release a final public draft of RMF 2.0 in September, aiming for final publication in November.

The work to get the RMF completed includes discussions with the White House’s Office of Information and Regulatory Affairs on the privacy additions, Ross said in remarks after a panel at FCW’s Aug. 9 Cybersecurity Summit.

Those discussions with OIRA, he said, are important because the latest version of the RMF will cover a number of critical areas, including supply chain and systems engineering but also privacy.

Privacy, Ross said, is becoming one of the most critical issues in cybersecurity because it cuts across so many other areas. RMF 2.0’s new privacy provisions address how organizations can assess and manage risks to data and systems by focusing on protecting individuals' personally identifiable information.

Ross emphasized that IT security and privacy are complementary in defending against unauthorized system activity and behaviors. The draft update also ties the RMF more closely to the Cybersecurity Framework, he said.

Note: This article was updated on Aug. 10 to correct the projected timeline for RMF 2.0's final publication. 

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.