As promised, on February 12, 2014, the National Institute of Standards and Technology released its “Framework for Improving Critical Infrastructure Cybersecurity.” The Framework, attached here, focuses on using business drivers to guide cybersecurity activities and on ensuring that businesses consider cybersecurity risks as part of the organization’s risk management processes.
The Framework consists of three parts:
- Framework Core: A set of cybersecurity activities, outcomes, and informative references that are common across critical infrastructure sectors, providing detailed guidance for developing individual organizational Profiles
- Framework Profile: Will help the organization align its cybersecurity activities with its business requirements, risk tolerances, and resources
- Framework Implementation Tiers: Provides a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk
Now that this new, highly anticipated framework has been released, what are your thoughts on it?
Do you think these standards will be implemented effectively by agencies? If not, what is missing from the framework?
Share your thoughts and comments below.