Executive Order 13636: Cybersecurity Framework

Latest Update to Industry

Corresponding with the Office of Management and Budget publication of the updated Circular A-130 on July 28, 2016, NIST offers the following guidance to Federal agencies regarding use of the NIST Risk Management Framework with the Cybersecurity Framework.

On June 9, 2016, NIST published a summary of observations from Cybersecurity Framework Workshop 2016 held at NIST in Gaithersburg, Maryland on 6 and 7 April 2016. The summary highlights areas of agreement between workshop participants and respondents to the most recent request for information (RFI), Views on the Framework for Improving Critical Infrastructure Cybersecurity. The summary also outlines next steps for NIST and recommended actions for Framework stakeholders.

Background: Framework for Improving Critical Infrastructure Cybersecurity

Recognizing that the national and economic security of the United States depends on the reliable function of critical infrastructure, the President issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. The Order directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices – for reducing cyber risks to critical infrastructure.

Created through collaboration between industry and government, the Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

The Framework Core and Informative Requirements are available as separate downloads in three formats: spreadsheet (Excel), alternate view (PDF), and database (FileMaker Pro). A companion Roadmap discusses future steps and identifies key areas of cybersecurity development, alignment, and collaboration.

The Department of Homeland Security's Critical Infrastructure Cyber Community C³ Voluntary Program helps critical infrastructure owners and operators align with existing resources to assist them in using the Cybersecurity Framework and managing their cyber risks.

In addition to encouraging responses to the RFI, NIST welcomes informal feedback about the Framework and Roadmap. Organizations and individuals may contribute observations, suggestions, and examples of use and lessons learned to cyberframework@nist.gov.