Cyber attacks cost businesses an estimated $400B per year globally from direct damage and post-attack operation disruption. To give companies a way to evaluate and address their cyber risks in this quickly evolving technology age, NIST developed the Cybersecurity Framework.
NIST led an open, transparent, and inclusive effort to develop a standards-based Cybersecurity Framework with robust stakeholder engagement. The Framework provides organizations with a tool to understand their cybersecurity risks and how to mitigate these risks with cybersecurity measures tailored specifically to their risk appetite.
The Framework contains an array of activities, outcomes and references to help organizations identify their cybersecurity risks. It also allows groups to work toward a targeted cybersecurity outcome tailored to match the sector or type of organization. The organization can then take steps to close the gaps between its current profile and its target profile.
Since developing the Framework with feedback from thousands of stakeholders through five workshops, requests for information and other mechanisms, NIST has continued working to increase its visibility and implementation in domestic and international markets, and across all levels of government and sectors of the digital economy. This includes sector-specific profiles demonstrating how to implement the Framework. After feedback from industry, NIST recently launched an effort to update the Framework in 2017.
Created through collaboration between industry and government, the Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.
Questions? Contact NIST Inquiries.
30% of U.S. organizations use the Framework, including JPMorgan Chase, Merck & Co, Kaiser Permanente and Chevron Corporation
16 critical infrastructure sectors using the Framework
“Intel’s pilot project has verified that the Framework can provide value to even the largest organizations and has the potential to transform cybersecurity on a global scale by accelerating cybersecurity best practices across the compute continuum.”
– The Cybersecurity Framework in Action: An Intel Use Case