On February 12, 2014, exactly one year to the day after President Obama tasked the National Institute of Standards and Technology (NIST) with creating a Cybersecurity Framework to help protect critical infrastructure, NIST released the initial version of the final document. It is the culmination of an extensive public-private collaboration during which NIST held five multi-day workshops at locations across the country and collected thousands of stakeholder comments. The Framework implements President Obama’s call in Executive Order 13636 for a voluntary risk-based set of industry standards and best practices to help organizations manage cybersecurity risks. The document is dubbed “Version 1.0” of the NIST Cybersecurity Critical Infrastructure Framework.
On the same day it released the Framework, NIST also released a companion document, the Roadmap for Improving Critical Infrastructure Cybersecurity. The Roadmap addresses “NIST’s next steps with the Framework and identifies key areas of development, alignment, and collaboration” for implementing the Framework. Relatedly, on February 12, 2014, the Department of Homeland Security (DHS) also announced that it is launching a new program, the Critical Infrastructure Cyber Community Voluntary Program, or the “C3 Voluntary Program.” The C3 Voluntary Program is a public-private partnership that seeks to increase awareness and use of the NIST Framework. The C3 Voluntary Program is intended to connect stakeholders to DHS and other federal government programs to encourage coordination with the government, increase cyber resilience, and assist the stakeholders in managing their cyber risks. Among the benefits that DHS offers to encourage participation are free technical assistance, tools, and resources to strengthen cyber risk management capabilities, a Cyber Resilience Review, and assistance with meeting fiduciary responsibilities to manage cyber risks.