Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Framework - Framework Development

Background - NIST Responsibilities

NIST will develop the Framework in a manner that is consistent with its mission to promote U.S. innovation and industrial competitiveness. The Framework will be developed by ongoing engagement with, and input from, stakeholders in government, industry, and academia, including an open public review and comment process, workshops and other means of engagement.

To develop the Framework, NIST will use a Request for Information (RFI) and ongoing stakeholder engagement to: (i) identify existing cybersecurity standards, guidelines, frameworks, and best practices that are applicable to increase the security of critical infrastructure sectors and other interested entities; (ii) specify high-priority gaps for which new or revised standards are needed; and (iii) collaboratively develop action plans by which these gaps can be addressed.

The Framework will seek to promote the wide adoption of practices to increase cybersecurity across all sectors and industry types. It will seek to provide owners and operators a flexible, repeatable and cost effective risk-based approach to implementing security practices while allowing organizations to express requirements to multiple authorities and regulators.

The below presentation shows the process by which NIST will work with stakeholders to develop the Initial Framework.

Cybersecurity Framework Development Overview

Update on Development of the Cybersecurity Framework (December 4, 2013)

Update on Development of the Cybersecurity Framework (July 24, 2013)

Update on Development of the Cybersecurity Framework (June 18, 2013)

Return to Cybersecurity Framework Home Page

Created October 28, 2013, Updated December 16, 2013