NIST pushes on next version of Risk Management Framework
- By Mark Rockwell
- Aug 09, 2018
The National Institute of Standards and Technology is working hard to get critical privacy controls worked into the next version of its risk management framework by the end of the year, said one of the initiative’s primary managers.
“We’re in a full-court press” to get a variety of critical changes made to NIST’s Risk Management Framework 2.0, NIST Fellow Ron Ross told FCW.
NIST, he said, plans to release a final public draft of RMF 2.0 in September, aiming for final publication in November.
The work to get the RMF completed includes discussions with the White House’s Office of Information and Regulatory Affairs on the privacy additions, Ross said in remarks after a panel at FCW’s Aug. 9 Cybersecurity Summit.
Those discussions with OIRA, he said, are important because the latest version of the RMF will cover a number of critical areas, including supply chain and systems engineering but also privacy.
Privacy, Ross said, is becoming one of the most critical issues in cybersecurity because it cuts across so many other areas. RMF 2.0’s new privacy provisions address how organizations can assess and manage risks to data and systems by focusing on protecting individuals' personally identifiable information.
Ross emphasized that IT security and privacy are complementary in defending against unauthorized system activity and behaviors. The draft update also ties the RMF more closely to the Cybersecurity Framework, he said.
Note: This article was updated on Aug. 10 to correct the projected timeline for RMF 2.0's final publication.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.