Perspectives relevant for U.S. Federal Agencies.
“…NIST and industry, which jointly developed the Framework, are pleased that the Framework is being identified as an ideal means to manage agencies’ cyber risks.”
Ann M. Beauchesne, Senior Vice President, and Matthew J. Eggers, Executive Director, Cybersecurity Policy, U.S. Chamber of Commerce
January 19, 2018 – US Chamber of Commerce RFC Response
“Although the Framework is an evolving guide that is not designed to serve as a regulatory standard, it establishes a useful common lexicon for businesses to discuss their approaches to cybersecurity.”
“As the Framework recognizes, there’s no one-size-fits-all approach to managing cybersecurity risk. Because organizations have unique risks—different threats, different vulnerabilities, different risk tolerances—their approaches to risk management will vary. But that’s the benefit of the Framework: It’s not a checklist, but rather a compilation of industry-leading cybersecurity practices that organizations should consider in building their own cybersecurity programs. For most organizations, critical infrastructure or not, the Framework may be well worth using solely for its stated goal of improving risk-based security. But it also can deliver additional benefits—for example, encouraging effective collaboration and communication with company executives and industry organizations.”
Federal Trade Commission
Business Blog - August 2016
“The NIST CSF provides a roadmap for federal agencies and organizations to develop a robust cyber risk management plan that can evolve as quickly as threats do… The level of support for the NIST CSF shows that federal agencies and contractors are keenly aware that managing cyber risk is a critical issue at every level of an organization.”
Richard P. Tracy, CSO, Telos Corporation
The 2017 Public Sector Cyber Risk Management Report - September 26, 2017
“Data from the survey reveals strong support for the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as 83 percent of federal employees and contractors said they favored the NIST CSF being mandated across federal agencies, which was a critical part of the President’s Cyber Executive Order in May 2017. Overall, 88 percent of respondents said that the NIST CSF ‘effectively helps organizations manage risk.’”
“In terms of federal adoption, 61 percent of respondents said they have started implementing the CSF, per the president’s cybersecurity executive order…. There will likely be changes in processes and even technology as they work to mitigate risks and strengthen security strategies. And during those times of change, it’s important that senior leaders and the employees they serve understand the current state of cyber operations, how the CSF can help and what it will take to reach their desired end state. What makes the CSF such a valuable resource is there are measurable benefits. For example, using the ‘Identify’ function of the Cybersecurity Framework can help agencies understand what security tools they have and whether they align with their mission and business values. Communicating the benefits of any investment in these terms provides clarity for leadership and other agency stakeholders. But agencies can’t stop there. Once cybersecurity investments are designated a priority, the appropriate budget must be in place to fund those initiatives. That’s a key area where the CSF can help, by enabling agency leaders, finance and cybersecurity professionals to speak the same language when talking about security and to properly fund those efforts.”
Symantec, DLT Solutions, and GovLoop, “Identifying Agency Risks with the NIST Cybersecurity Framework, Research Brief,” October 2017
“Traditional defenses that rely exclusively on detection and blocking for protection are no longer adequate. A new security approach is needed that covers the entire attack continuum—before, during, and after the attack. The new cybersecurity best-practices framework from the National Institute of Standards and Technology (NIST) shows agencies and organizations of all sizes how to apply such a model.”
Resources related to this user group.