NIST Releases Draft Cybersecurity Framework

October 22, 2013 – The National Institutes of Standards and Technology (NIST) today released a draft cybersecurity framework that sets voluntary standards and guidelines for companies.

The framework, intended to bolster cybersecurity for critical infrastructure assets, is being developed with the aid of several thousand security experts who have attended workshops or otherwise contributed to the draft.

The draft framework includes:

• Guidelines for developing strategies on how to identify, protect, detect, respond and recover from cyberattacks and cyber incidents;
• Methodologies for protecting privacy and civil liberties while securing data and access to networks; and
• Guidelines for how to manage cybersecurity risk and how to create different levels of implementation that allow companies to build upon and improve previous cybersecurity efforts.

The framework initiative was prompted by President Obama’s Executive Order issued in February of this year, and is set to be finalized by February, 2014, and is designed to be a broadly applicable “living document” that allows for flexibility to accommodate a range of industries already subject to numerous regulatory mandates.

The public will have 45 days to submit comments to the agency.

Click here to access the ETA statement on the draft framework.

[spacer height=3]

 

[divide] [spacer height=3]