Welcome to WileyConnect, the Internet of Things blog by
Wiley Rein LLP.

NIST Releases New Draft of 800-37 Revision 2

May 9, 2018

On May 9, NIST released a new draft of 800-37 Revision 2: Risk Management Framework for Information Systems and Organizations; A System Life Cycle Approach for Security and Privacy.  This draft follows a Discussion Draft that was released in September 2017.

The new draft is broad in scope—with NIST encouraging use in both the government and private sectors.  Importantly, this draft integrates privacy risk management concepts into the Risk Management Framework.  Earlier versions of the Risk Management Framework focused solely on cybersecurity.  With this update, NIST is integrating privacy in an effort to add “an overarching concern for individuals’ privacy, helping to ensure that organizations can better identify and respond to these risks, including those associated with using individuals’ personally identifiable information.”  NIST previously made a similar effort at integrating privacy and security concerns in its 800-53 document, Security and Privacy Controls for Information Systems and Organizations.  

NIST has several additional objectives with this document, including:

  • To better link risk management processes at the C-Suite level with the activities at the system/operational level of an organization;
  • To align the Risk Management Framework with NIST’s Cybersecurity Framework; and
  • To facilitate more effective and efficient risk management.

Additionally, the new draft incorporates supply chain risk management considerations and issues, including “counterfeit components, tampering, theft, insertion of malicious software and hardware, poor manufacturing and development practices, and other potential harmful activities that can impact an organization’s systems and systems components.”

NIST is accepting public comment on the draft until June 22. A final version is expected in October 2018.
