NIST issues updated cyber guides focused on assessments and communication


The National Institute of Standards and Technology released two new volumes that aim to broaden the publication’s applicability to organizations outside federal agencies.

The National Institute of Standards and Technology issued two new updates to its existing literature on gauging the efficacy of organizations’ cybersecurity protocols, addressing both the selection and maintenance of a proper cybersecurity program depending on organizational needs. 

Released on Wednesday, the new guidance is split into two volumes looking at different stages of implementing an effective cybersecurity program. Volume 1 is focused on technical issues in information security measurement and assessment, weighing the pros and cons of qualitative assessments versus classical data analysis approaches.

That volume also introduces types of assessments that internet security analysts can use to employ these approaches, clarifying what insights into an organization’s network security each assessment offers.

Volume 2 is focused on bringing leadership into the qualitative findings of the proposed network security assessments outlined in Volume 1 and translating them into results. Notably, NIST advocates for “strong upper-level management support that is integrated into the culture of the organization” as the foundation for organizations looking to deliver results-oriented measures to their cybersecurity posture analyses.

“Major changes to the publication since its previous version include expanded sections on how to measure and analyze cybersecurity results quantitatively, as well as broadening the publication’s intended audience from federal agencies to all organizations concerned with cybersecurity,” the press release said.

Both volumes are intended to complement other NIST publications related to network and information security.