In summary, it assigns these responsibilities and establishes the policy that, "It is the policy of the United States to enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties." What is the purpose of Executive Order 13636?Įxecutive Order 13636 outlines responsibilities for Federal Departments and Agencies to aid in Improving Critical Infrastructure Cybersecurity. This collaboration continues as NIST works with stakeholders from across the country and around the world to raise awareness and encourage use of the Framework. The most recent version, Framework V1.1 was released on Apfollowing a 45-day public comment period on the second draft of Framework V1.1. NIST's future Framework role is reinforced by the Cybersecurity Enhancement Act of 2014 (Public Law 113-274), which calls on NIST to facilitate and support the development of voluntary, industry-led cybersecurity standards and best practices for critical infrastructure. That took place via workshops, extensive outreach and consultation, and a public comment process. The Framework was developed in a year-long, collaborative process in which NIST served as a convener for industry, academia, and government stakeholders. Among other things, the EO directed NIST to work with industry leaders to develop the Framework. The Framework was developed in response to Presidential Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which was issued in 2013. Version 1.0 of the Framework was prepared by the National Institute of Standards and Technology (NIST) with extensive private sector input and issued in February 2014. When and how was the Framework developed? Organizations also can readily use the Framework to communicate current or desired cybersecurity posture between a buyer or supplier. That includes improving communications, awareness, and understanding between and among IT, planning, and operating units, as well as senior executives of organizations. By providing a common language to address cybersecurity risk management, it is especially helpful in communicating inside and outside the organization. In turn, that will help to prioritize investments and maximize the impact of each dollar spent on cybersecurity. It will assist in determining which activities are most important to assure critical operations and service delivery. The Framework will help an organization to better understand, manage, and reduce its cybersecurity risks. Why should an organization use the Framework? The Framework should not be implemented as an un-customized checklist or a one-size-fits-all approach for all critical infrastructure organizations. Organizations will continue to have unique risks – different threats, different vulnerabilities, different risk tolerances – and how they implement the practices in the Framework to achieve positive outcomes will vary. It should be customized by different sectors and individual organizations to best suit their risks, situations, and needs. Is my organization required to use the Framework?ĭoes it provide a recommended checklist of what all organizations should do? In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders. The Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. What is the Framework, and what is it designed to accomplish? Informative References Expand or Collapse.Events and Presentations Expand or Collapse.
Frequently Asked Questions Expand or Collapse.
0 kommentar(er)
