NIST Framework For Improving Critical Infrastructure Cybersecurity Version 1.0

On February 12th, the U.S. National Institute of Standards and Technology (NIST) unveiled version 1.0 of its voluntary Framework for Improving Critical Infrastructure Cybersecurity (Framework). The Framework was developed at the direction of President Obama's Executive Order 13636 and is designed to help critical infrastructure sectors (e.g. financial, energy, and health care) guard against cyber threats.

Framework 1.0 Update

The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. Combined, the parts provide a foundational structure for managing cybersecurity risk. The Framework incorporates public feedback on the earlier NIST Preliminary Cybersecurity Framework (Preliminary Framework) published last year.

One significant change to the Framework was the removal of Appendix B, titled "Methodology to Protect Privacy and Civil Liberties for a Cybersecurity Program". Commentators in industry and academia criticized Appendix B for being "too prescriptive and costly and thus a deterrence to adoption of the Framework". Appendix B has now been replaced with Section 3.5 of the Framework, which succinctly describes a general set of considerations and processes. Section 3.5 recognizes that organizations may approach privacy and civil liberty considerations through a multiplicity of technical solutions rather than those prescribed in the former Appendix B. Apart from this amendment, the Framework has not materially changed. A more detailed overview of the Framework can be found in our earlier post on the Preliminary Framework.

NIST Roadmap for Improving Cybersecurity

As a companion to the Framework, NIST published a roadmap (Roadmap) that provides insight into its future plans for the Framework. The Roadmap reveals that NIST intends to transition the governance of the Framework to a non-governmental organization, but expects to remain the "convener and coordinator" of the Framework until at least version 2.0. The Roadmap also cites areas for improvement, such as the development of better authentication solutions, the alignment of the existing Federal Information Processing Standards with the Framework, and the advancement of technical privacy standards and best practices.

Cyber Community C3 Voluntary Program

In addition to the...
