You are here
National Institute of Standards and Technology- Final Cybersecurity Framework
On February 12, 2014, the National Institute of Standards and Technology (NIST) published the Final Cybersecurity Framework. According to NIST, “the framework allows organizations—regardless of size, degree of cyber risk or cybersecurity sophistication—to apply the principles and best practices of risk management to improve the security and resilience of critical infrastructure.”
In February 2013, President Obama issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity. The order calls for the development of a voluntary, risk-based Cybersecurity Framework—a set of existing standards, guidelines and practices to help organizations manage cyber risks. The resulting framework, created through public-private collaboration, provides a common language to address and manage cyber risk in a cost-effective way based on business needs, without placing additional regulatory requirements on businesses.
- On December 16, 2013, the Office of Advocacy provided commented to NIST on the preliminary Framework. These comments can be viewed at: http://www.sba.gov/advocacy/816/781561.
- You may view this Final Cybersecurity Framework at: http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf.
- Advocacy contact: Major L. Clark, 202-205-7150 or firstname.lastname@example.org