NIST Releases Framework for Improving Critical Infrastructure Cybersecurity

On February 12, 2014, the White House announced the release of the final version of the Framework for Improving Critical Infrastructure Cybersecurity. The Cybersecurity Framework includes standards and processes for assessing and reducing cyber risks to critical infrastructure, and reflects numerous changes to the preliminary version of the Framework that was issued in October 2013. NIST implemented many of these changes in response to comments received regarding the preliminary Framework in written comments and at a November workshop in Raleigh. Venable has attended all of NIST's workshops on the Framework and has closely monitored its development into its final form.

There are generally only minor differences between the structure and content of the Framework and its preliminary version. However, one major change is the removal of the preliminary Framework's "Methodology to Protect Privacy and Civil Liberties for a Cybersecurity Program," a separate appendix that listed a number of privacy-oriented controls. Instead, a reformulated methodology was included in the final Framework's body text.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.