The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber-attacks. The framework has been translated to many languages and is used by the governments of Japan and Israel, among others. It “provides a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.” Version 1.0 was published by the US National Institute of Standards and Technology in 2014, originally aimed at operators of critical infrastructure. It is being used by a wide range of businesses and organizations and helps shift organizations to be proactive about risk management. In 2017, a draft version of the framework, version 1.1, was circulated for public comment. Version 1.1 was announced and made publicly available on April 16, 2018. Version 1.1 is still compatible with version 1.0. The changes include guidance on how to perform self-assessments, additional detail on supply chain risk management and guidance on how to interact with supply chain stakeholders.