Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo
cyberframework image

Executive Order 13636: Cybersecurity Framework

Executive Order 13636: Cybersecurity Framework

Latest Update to Industry

On June 9, 2016, NIST published a summary of observations from the Cybersecurity Framework Workshop 2016 held on April 6-7, 2016.  The summary highlights areas of agreement among workshop participants and respondents to the most recent request for information (RFI), Views on the Framework for Improving Critical Infrastructure Cybersecurity.  The summary also outlines next steps for NIST and recommended actions for Framework stakeholders. NIST has committed to minimize disruption to current Framework users by focusing on clarifying and refining the Framework. NIST will continue collaborative development of the Framework by releasing a draft of the minor Framework update for comment in early calendar year 2017.

Background: Framework for Improving Critical Infrastructure Cybersecurity

Recognizing the national and economic security of the United States depends on the reliable function of critical infrastructure, the President issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. The Order directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure. The Cybersecurity Enhancement Act of 2014 reinforced NIST’s EO 13636 role.

Created through collaboration between industry and government, the voluntary Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

The Framework Core and Informative Requirements are available as separate downloads in three formats: spreadsheet (Excel), alternate view (PDF), and database (FileMaker Pro).   A companion Roadmap discusses future steps and identifies key areas of cybersecurity development, alignment, and collaboration.

The Department of Homeland Security's Critical Infrastructure Cyber Community C³ Voluntary Program helps critical infrastructure owners and operators align with existing resources to assist them in using the Cybersecurity Framework and managing their cyber risks.

NIST continues to welcome informal feedback about the Framework and Roadmap. Organizations and individuals may contribute observations, suggestions, and examples of use and lessons learned to cyberframework@nist.gov .