NIST Finalizes Cybersecurity Framework For Critical Infrastructure—Implementation Next On The Agenda


On February 12, 2014, exactly one year to the day on which President Obama tasked the National Institute of Standards and Technology (NIST) with creating a Cybersecurity Framework to help protect critical infrastructure, NIST released the initial version of the final document. It is the culmination of an extensive public-private collaboration during which NIST held five multi day workshops at locations across the country and collected thousands of stakeholder comments. The Framework implements President Obama’s call in Executive Order 13636 for a voluntary risk-based set of industry standards and best practices to help organizations manage cybersecurity risks. Dubbed “Version 1.0” of the NIST Cybersecurity Critical Infrastructure Framework.

On the same day it released the Framework, NIST also released a companion document, the Roadmap for Improving Critical Infrastructure Cybersecurity. The Roadmap addresses “NIST’s next steps with the Framework and identifies key areas of development, alignment, and collaboration” for implementing the Framework. Relatedly, on February 12, 2014, the Department of Homeland Security (DHS) also announced that it is launching an new program, the Critical Infrastructure Cyber Community Voluntary Program, or the “C3 Voluntary Program.” The C3 Voluntary Program is a public-private partnership that seeks to increase awareness and use of the NIST Framework. The C3 Voluntary Program is intended to connect stakeholders to DHS and other federal government programs to encourage coordination with the government, increase cyber resilience, and assist the stakeholders in managing their cyber risks. Among the benefits that DHS offers to encourage participation are free technical assistance, tools, and resources to strengthen cyber risk management capabilities, a Cyber Resilience Review, and assistance with meeting fiduciary responsibilities to manage cyber risks.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Topics:  Critical Infrastructure Sectors, Cybersecurity, Cybersecurity Framework, NIST

Published In: Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »