National Institute of Standards & Technology (NIST) Cybersecurity Framework & Education Initiative

 

Web Sites

cyberframework-placeholder2NIST Cybersecurity Framework Web Site has evolved from the Comprehensive National Cybersecurity Initiative, and extends its scope beyond the federal workplace to include civilians and students in kindergarten through post-graduate school. The goal of NICE is to establish an operational, sustainable and continually improving cybersecurity education program for the nation to use sound cyber practices that will enhance the nation’s security
 
 
 
 
 
 
slide-20The National Initiative for Cybersecurity Education (NICE) Web Site has evolved from the Comprehensive National Cybersecurity Initiative, and extends its scope beyond the federal workplace to include civilians and students in kindergarten through post-graduate school. The goal of NICE is to establish an operational, sustainable and continually improving cybersecurity education program for the nation to use sound cyber practices that will enhance the nation’s security
 
 
 
 

White Papers & Articles

NIST FrameworkNIST Framework for Improving Critical Infrastructure Cybersecurity This paper describes a voluntary Cybersecurity Framework (“Framework”) created by the National Institute of Standards & Technology (NIST) to provide a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” to manage cybersecurity risk for those processes, information, and systems directly involved in the delivery of critical infrastructure services. The Framework, developed in collaboration with industry, provides guidance to an organization on managing cybersecurity risk.View the Roadmap – This companion Roadmap to the Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”) discusses NIST’s next steps with the Framework and identifies key areas of development, alignment, and collaboration.
 
 
iwInformation Week – NIST Cybersecurity Framework: Don’t Underestimate It Any company that is managing critical infrastructure in the US and disregards the Preliminary Cybersecurity Framework, issued by the National Institute of Standards and Technology (NIST) in late October, does so at its own peril. The framework, which is now in its final comment stage and due to be released in mid-February, lays out a set of comprehensive but voluntary cybersecurity practices. However, critical infrastructure owners need to recognize that, if a company’s cybersecurity practices are ever questioned during a regulatory investigation and litigation, the baseline for what’s considered commercially reasonable is likely to become the NIST Cybersecurity Framework.
 
 
Treasury LogoTreasury Department Report to the President on Cybersecurity Incentives Pursuant to Executive Order 13636 This report outlines an approach for policymakers to evaluate the benefits and relative effectiveness of government incentives in promoting the adoption of the eventual Framework. It seeks to identify types of situations in which private incentives may be insufficient to provide an appropriate level of cybersecurity. Then, the report reviews a set of seven potential policy options, in areas where the Treasury Department has significant experience or expertise, that could be used as incentives to encourage the voluntary adoption of the Framework.5 These policy solutions, while targeted at critical infrastructure organizations, might also be applicable to a broader group of private sector participants.