NIST finally released their official Cybersecurity Framework earlier this week. As usual, not everyone is happy about this great accomplishment. The removal of the privacy appendix in January and the lack of incentives frustrated many. Personally, I am not necessarily for or against it; however, the framework does lay out something we can all rally behind. Something that is a lot simpler and more effective than the FISMA paperwork drill of the past decade.
More importantly, the framework provides a “step.” At this point, I am not sure if it is a “step” in the right direction or the wrong direction, but at least it gets us moving in some direction so we can make corrections and adjustments along the way. Then maybe … someday … the framework will evolve into something we can practically apply. Still, kudos to NIST for somehow herding all the cats together on this one.
The National Institute of Standards and Technology has unveiled its long-awaited cybersecurity framework, which provides best practices for voluntary use in all critical infrastructure sectors, including, for example, government, healthcare, financial services and transportation.
The 41-page catalog of tools is designed to help organizations develop information security protection programs. The creation of the framework was a collaborative effort of the government and the private sector (see: On Deck: The Cybersecurity Framework).
President Obama proposed the cybersecurity framework in his 2013 State of the Union address to help mitigate growing cyberthreats to the nation’s critical infrastructure. He signed an executive order designating NIST to shepherd the creation of the framework.
Today’s post pic is from ComputerServiceNow.com.