As we continue to consult with our clients daily, we have several anchor frameworks that we use to align our clients' cyber posture. The National Institute of Standards and Technology (NIST) is one that we frequently reference, depending on the vertical, as it is packed with great guidelines relevant to almost any industry.
They've recently published updates in several areas that have been somewhat threadbare in recent years as we've seen the threat landscape change drastically. As with most amendments in this cyber arena, they are currently accepting and soliciting feedback until May 15th. After seven years of limited updates to their risk management publications, we are starting to see some key enhancements all organizations should take into consideration. There are three main areas that this amendment covers, and I've taken a moment to summarize them here:
1. Integration of privacy into the controls
2. An entirely new section of supply chain considerations
3. State of the practice controls (updated to current cyberattack data)
Unlike the UL or ISO frameworks specific to manufacturing, this is exceptionally relevant for any organization trying to level up its security program. You can find the full article here and should have a look to validate your roadmap against these newly harvested standards.
Katalyst - Field CTO