Framework V1 Executive Summary


Page Reference: Changes made to Framework V1.1

pp. 5-6: The ‘Executive Summary’ was modified to more clearly present the Framework, the development process, and next steps. (Technology, 2017)

p. 7: Section 1.0 ‘Framework Introduction’ was updated to reflect security implications of a broadening use of technology (e.g. ICS/CPS/IoT) and to more clearly define Framework uses. (Technology, 2017)

p. 10: Section 1.3 ‘Document Overview’ was modified to reflect the additional section and appendix added with this update. (Technology, 2017)

p. 11: Figure 1: ‘Framework Core Structure’ was visually updated. (Technology, 2017)

p. 13: Section 2.2 ‘Framework Implementation Tiers’ - Paragraph 3 was modified to clarify the relationship between Tiers and Profiles …

p. 15: Section 2.2 ‘Framework Implementation Tiers’ - Tier 3 ‘Repeatable’ - Paragraph 2 was modified for clarification to include: “The organization consistently and accurately monitors cybersecurity risk of organizational assets. Senior cybersecurity and non-cybersecurity executives communicate regularly regarding cybersecurity risk. Senior executives ensure consideration of cybersecurity through all lines of operation in the organization.” (Technology, 2017)

p. 17: Figure 2 - The actions outlined for the ‘Senior Executive Level’ and the ‘Business/Process Level’ were modified. (Technology, 2017)

p. 19: Section 3.2 ‘Establishing or Improving a Cybersecurity Program’ - Step 1: ‘Prioritize and Scope’ was modified to clarify Tier usage with the following: “Risk tolerances may be reflected in a target Implementation Tier.” (Technology, 2017)

p. 19: Section 3.2 ‘Establishing or Improving a Cybersecurity Program’ - Step 3: ‘Create a Current Profile’ was modified to include: “If an outcome is partially achieved, noting this fact will help support subsequent steps.” (Technology, 2017)

p. 20: Section 3.2 ‘Establishing or Improving a Cybersecurity Program’ - Step 5: ‘Create a Target Profile’ was modified to include: “The Profile should appropriately reflect criteria within the target Implementation Tier.” (Technology, 2017)

p. 22: Figure 3: ‘Cyber Supply Chain Relationships’ was added to depict concepts in 3.3. (Technology,