National Institute of Standards and Technology Issues Cybersecurity Framework Draft
December 12, 2013
Directed by an executive order from President Obama in February, the National Institute of Standards and Technology (NIST) released a preliminary framework draft outlining standards, best practices and guidance to help companies manage cybersecurity risk.
The NIST, which was closed during the partial government shutdown, was supposed to issue the preliminary framework by Oct. 10.
NIST said the framework complements an organization’s existing business or cybersecurity risk management process and cybersecurity program. Companies can use their current processes and leverage the framework to identify opportunities to improve cybersecurity risk management. Alternatively, an organization without an existing cybersecurity program can use the framework as a reference when establishing one.
“The framework, developed in collaboration with industry, provides guidance to an organization on managing cybersecurity risk, in a manner similar to financial, safety and operational risk,” NIST said in the draft document. “The framework is not a one-size-fits-all approach for all critical infrastructure organizations. Because each organization’s risk is unique, along with their implementation of information technology and operational technology, the implementation of the framework will vary.”
The framework is composed of three parts: