NIST has released a second draft of its proposed update to the Framework for Improving Critical Infrastructure Cybersecurity, which “aims to clarify, refine, and enhance the Cybersecurity Framework, amplifying its value and making it easier to use.” The framework draws upon international standards and other guidance to provide organizations with the language with which they can express and manage cybersecurity risks and prioritize related work.
Comments on both documents are due to NIST (cyberframework@nist.gov) by January 19, 2018. (Comments and changes that others have made on the Framework are viewable here). The resulting updated framework is due to be published in Spring 2018.