Cybersecurity

NIST pushes on next version of Risk Management Framework

security

The National Institute of Standards and Technology is working hard to get critical privacy controls worked into the next version of its risk management framework by the end of the year, said one of the initiative’s primary managers.

“We’re in a full-court press” to get a variety of critical changes made to NIST’s Risk Management Framework 2.0, NIST Fellow Ron Ross told FCW.

NIST, he said, plans to release a final public draft of RMF 2.0 in September, aiming for final publication in November.

The work to get the RMF completed includes discussions with the White House’s Office of Information and Regulatory Affairs on the privacy additions, Ross said in remarks after a panel at FCW’s Aug. 9 Cybersecurity Summit.

Those discussions with OIRA, he said, are important because the latest version of the RMF will cover a number of critical areas, including supply chain and systems engineering but also privacy.

Privacy, Ross said, is becoming one of the most critical issues in cybersecurity because it cuts across so many other areas. RMF 2.0’s new privacy provisions address how organizations can assess and manage risks to data and systems by focusing on protecting individuals' personally identifiable information.

Ross emphasized that IT security and privacy are complementary in defending against unauthorized system activity and behaviors. The draft update also ties the RMF more closely to the Cybersecurity Framework, he said.

Note: This article was updated on Aug. 10 to correct the projected timeline for RMF 2.0's final publication. 

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Featured

  • Defense

    DOD wants prime contractors to be 'help desk' for new cybersecurity model

    The Defense Department is pushing forward with its unified cybersecurity standard for contractors and wants large companies and industry associations to show startups and smaller firms the way.

  • FCW Perspectives
    tech process (pkproject/Shutterstock.com)

    Understanding the obstacles to automation

    As RPA moves from buzzword to practical applications, agency leaders say it’s forcing broader discussions about business operations

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.