The NIST Cybersecurity Framework has become a key reference and guide for many organizations’ security efforts, and NIST has published pending revisions that are not an “overhaul” but provide additions, advancements and clarifications. Matthew Barrett, NIST’s cybersecurity framework program manager, recently presented an overview of the original Framework and its companion Roadmap and explained the pending changes to both. Organizations should become familiar with the changes and review their current practices to determine if their own practices require updating. See also “Demystifying the FTC’s Reasonableness Requirement in the Context of the NIST Cybersecurity Framework (Part One of Two)” (Oct. 19, 2016); Part Two (Nov. 2, 2016).