"NIST’s cybersecurity framework is changing -- what you should know"

The National Institute of Standards and Technology revised the Framework for Improving Critical Infrastructure Cybersecurity, which outlines industry standards and best practices for organizations and industries in managing cybersecurity risks. This framework provides a baseline in which organizations and industries can use to assess their own cybersecurity practices, programs, and management. This article discusses a few significant changes made to the framework, which includes additional sections pertaining to measurement of performance and maturity of cyber risk programs, supply-chain risk management recommendations, and the renaming of the access-control category. 

GCN reports "NIST’s cybersecurity framework is changing -- what you should know"