Cybersecurity Framework
Cybersecurity professionals talk about what the Cybersecurity Framework means to their organizations. The Framework, which was created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.
Below, you can also view a brief animated video, which features additional cybersecurity professionals talking about what the framework means to their organizations. These experts from Intel, Microsoft, Telos, the U.S. Chamber of Commerce and the National Restaurant Association worked with NIST, other agencies and industry and academia to develop the framework. Like the framework itself, the video is not only for those in the trenches of cybersecurity, but also those in the C-suite, who make funding and business decisions that affect cybersecurity.
Latest Updates
Corresponding with the Office of Management and Budget publication of the updated Circular A-130 on July 28, 2016, NIST offers the following guidance to Federal agencies regarding use of the NIST Risk Management Framework with Cybersecurity Framework.
On September 15, 2016, NIST released the draft Baldrige Cybersecurity Excellence Builder, a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts. NIST is requesting public comments on the draft document, which blends the best of two globally recognized and widely used NIST resources: the organizational performance evaluation strategies from the Baldrige Performance Excellence Program and the risk management mechanisms of the Cybersecurity Framework.