Crossroads Blog | CYBER SECURITY LAW AND POLICY

Current Affairs, education, Official Policy

Full NIST Cyber Framework Released to the Public

As promised, here is the full National Institute of Standards and Technology (NIST) cyber framework.

 

preliminary-cybersecurity-framework_Page_01

 

Federal News Radio reports:

The [framework] is centered around five core functions — identify, protect, detect, respond and recover — which can provide a high-level, strategic view of an organization’s management of cybersecurity risk.

Under each of these core areas, NIST identified underlying key categories and subcategories and matched them with examples, such as existing standards, guidelines and practices for each subcategory.

As discussed last month, the cybersecurity guidelines have been drafted in response to an executive order from last February.  The document reads:

The framework, developed in collaboration with industry, provides guidance to an organization on managing cybersecurity risk.  A key objective of the framework is to encourage organizations to consider cybersecurity risk as a priority similar to financial, safety, and operational risk while factoring in larger systemic risks inherent to critical infrastructure.

Now NIST will work to incentivize 3,000 industry, academics, and government experts to successfully implement the framework.

Leave a Reply