Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Commerce Acting Under Secretary Encourages Business to take Active Role in Corporate Cyber Security

NIST Acting Director Willie May at the CYBER Conference
Credit: Heyman/NIST

NIST Acting Director Willie May at the Board Agenda: CYBER Conference, April 17, 2015.

The acting Under Secretary of Commerce for Standards and Technology today called on corporate CEOs and board members to take active roles in managing how their institutions deal with cybersecurity risks.

Speaking at the "Board Agenda: CYBER" conference in Washington, D.C., Dr. Willie May said, "As CEOs, board members, or other senior leaders of your organizations, managing cyber risks is one of the most important things you can do to protect your assets, your customers, and your companies." May also is the acting director of the National Institute of Standards and Technology (NIST).

May said that top corporate managers should review and consider using the Framework for Improving Critical Infrastructure Cybersecurity, a voluntary guidance document issued by NIST a year ago last February. The product of a year-long collaboration of cybersecurity and management experts from the federal government, industry and academia, the framework was designed to be a risk management approach that builds on recognized best practices and standards for cybersecurity.

May said preventing all successful cyber attacks is likely not possible, however a company can use the framework to help make successful attacks substantially more difficult and to facilitate rapid detection and recovery. "The goal is a balanced approach that both protects and quickly detects when something is amiss. And it's one that emphasizes being prepared with a strong response and recovery plan," he said.

May said that the framework already is being used effectively by firms ranging from major multinationals to small businesses. The full prepared text of May's remarks is available from the NIST website.

Released April 17, 2015, Updated July 24, 2018