Framework for Improving Critical Infrastructure Cybersecurity

Published: February 19, 2014


Kevin M. Stine, Kim Quill, Gregory A. Witte


Recognizing that the national and economic security of the United States depends on the resilience of critical infrastructure, President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed NIST to work with stakeholders to develop a voluntary framework - based on existing standards, guidelines, and practices - for reducing cybersecurity risks. In support of this directive, the Computer Security Division (CSD) of NIST's Information Technology Laboratory (ITL) led the development of the Cybersecurity Framework. The Cybersecurity Framework provides a prioritized, flexible, repeatable, and cost-effective approach, including information security measures and controls to help owners and operators of critical infrastructure and other interested entities to identify, assess, and manage cybersecurity-related risk while protecting business confidentiality, individual privacy and civil liberties. To enable technical innovation and account for organizational differences, the Framework does not prescribe particular technological solutions or specifications.
Citation: ITL Bulletin -
NIST Pub Series: ITL Bulletin
Pub Type: NIST Pubs

Download Paper


critical infrastructure, cybersecurity, Executive Order 13636, framework, security
Created February 19, 2014, Updated February 19, 2017