Last week, NIST (National Institute of Standards and Technology) unveiled the final version of their cybersecurity framework for critical infrastructure; a voluntary framework that has been developed for organisations, customers and regulators to help them create, assess, guide and improve cybersecurity programs.
The framework was designed following President Obama’s executive order on cybersecurity last year – he gave NIST the task of working with the security industry to come up with a framework of voluntary best practices that would improve cybersecurity.
Patrick Gallagher, NIST Director, said: “The framework provides a consensus description of what’s needed for a comprehensive cybersecurity program. It reflects the efforts of a broad range of industries that see the value of and need for improving cybersecurity and lowering risk. It will help companies prove to themselves and their stakeholders that good cybersecurity is good business.”
NIST is planning to release framework updates periodically and issue a roadmap that accompanies the framework which will “…lay out the path toward future framework versions and ways to identify and address key areas for cybersecurity development, alignment and collaboration.”
By Allie Philpin