What is the Framework, and what is it designed to accomplish?

The Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.

Is my organization required to use the Framework? Does it provide a recommended checklist of what all organizations should do?

It should be customized by different sectors and individual organizations to best suit their risks, situations, and needs. Organizations will continue to have unique risks – different threats, different vulnerabilities, different risk tolerances – and how they implement the practices in the Framework to achieve positive outcomes will vary. The Framework should not be implemented as an un-customized checklist or a one-size-fits-all approach for all critical infrastructure organizations.

Why should an organization use the Framework?

The Framework will help an organization to better understand, manage, and reduce its cybersecurity risks. It will assist in determining which activities are most important to assure critical operations and service delivery. In turn, that will help to prioritize investments and maximize the impact of each dollar spent on cybersecurity. By providing a common language to address cybersecurity risk management, it is especially helpful in communicating inside and outside the organization. That includes improving communications, awareness, and understanding between and among IT, planning, and operating units, as well as senior executives of organizations. Organizations also can readily use the Framework to communicate current or desired cybersecurity posture between a buyer or supplier.

When and how was the Framework developed?

Version 1.0 of the Framework was prepared by the National Institute of Standards and Technology (NIST) with extensive private sector input and issued in February 2014. The Framework was developed in response to Presidential Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which was issued in 2013. Among other things, the EO directed NIST to work with industry leaders to develop the Framework. The Framework was developed in a year-long, collaborative process in which NIST served as a convener for industry, academia, and government stakeholders. That took place via workshops, extensive outreach and consultation, and a public comment process.