As promised, NIST is continuing to work on the Cybersecurity
Framework (CSF). This week, changes to the CSF web site reflect those
continuing efforts. You have to click through a couple of links to find the
actual change, but NIST will be holding another CSF
Workshop next month. This one will focus on the privacy aspects of the CSF
that were not fully addressed in CSF v1.0.
While privacy is not a major focus for most industrial control
systems, the privacy processes will almost certainly be of at least some
concern to managers of cybersecurity programs. Part of any security
program must include some form of vetting of personnel with access to computer
systems. Vetting programs require the collection of personally identifiable
information (PII) and thus privacy issues abound.
The current draft
agenda for the April 9th Privacy Engineering Workshop at the
NIST headquarters in Gaithersburg, MD does not include any specific discussion
of security program privacy issues. That is not surprising since this is an
engineering workshop, not a policy workshop. It will be interesting to see if
the issue comes up in any of the discussions.