Citations Edit

Overview Edit

This Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

The Framework is risk-based, and is composed of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. The Framework provides a common taxonomy and mechanism, based on existing standards, guidelines, and practices, for organizations to:

It provides a thorough, yet flexible risk-based approach for understanding where an organization stands in terms of its cybersecurity activities and where it would like to be to ensure that it is able to achieve its cybersecurity risk management priorities as defined by organizational goals, legal and regulatory requirements, and industry best practices.

This perspective helps reframe cybersecurity issues in risk management terms that may be more understandable for decision-makers, i.e., whether a firm should mitigate, transfer, accept or avoid a risk.

Companion document Edit

NIST also issued a companion document "NIST Roadmap for Improving Critical Infrastructure Cybersecurity," which discusses NIST's next steps with the Framework and identifies key areas of development, alignment, and collaboration.

(Draft) Version 1.1 Edit

This draft provides new details on managing cyber supply chain risks, clarifies key terms, and introducing measurement methods for cybersecurity. The updated framework aims to further develop NIST's voluntary guidance to organizations on reducing cybersecurity risks.

The draft incorporates feedback since the release of framework version 1.0, and integrates comments from a December 2015 Request for Information as well as comments from attendees at the Cybersecurity Framework Workshop 2016 held at the NIST campus in Gaithersburg, Maryland.

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.