AFEI

Home | Join AFEI | Contact Us

Search

Agile in Government Summit

Army Cyber Innovation Industry Day

Scroll up

Scroll down

Scroll up

Scroll down

Industry Advisory Group (IAG)

Outcome Driven Government

PM-ISE Working Groups

Section 804 Task Force

Scroll up

Scroll down

2015 Nomination Schedule and Process

2015 Nominations

Scroll up

Scroll down

Scroll up

Scroll down

ADAPT on Agile: Focus on DevOps Open Meeting

ADAPT on Agile Breakfast Briefing

Coalition Information Sharing

Battlespace Awareness and C2

Agile for Government Summit Fall 2013

Agile in Defense Spring Workshop 2013

DI2E Plugfest 2013

Agile in Defense Fall Workshop 2012

Supply Chain Innovations

Agile in Defense Spring Meeting 2012

3rd Annual SOA & Semantic Technology Symposium

Supply Chain Cyber Risk Forum

DoD Agile Development

ADAPT Open Meeting

Agile and EVM in DoD

Agile in Government

Agile In Government

Army Cyber Innovation

Army Cyber Innovation Challenge II

Army Cyberspace Industry and Innovation Day

Battlespace Awareness

Bending the Cost Curve: PlugFest PLUS

Coalition Information Sharing II

Agenda May 14 AM

Agenda May 14 PM

Armaments Demo May 15

ACTRA Registration

CYBERWEST: the Southwest Cybersecurity Summit

DI2E Plugfest 2014

DI2E Plugfest 2015

FITARA Implementation Symposium

ODG Workshop: Operational Efficiency

Outcome Driven Government Forum

Outcome Driven Government Workshop

Outcome Driven Government Workshop 2

Webinar 2: DoD Adoption of NIEM

Webinar: DoD Adoption of NIEM

You are here: AFEI > Past Events > CyberWest > NIST Framework

Print This Page

Email Page

NIST Framework

Executive Order 13636, issued in February 2013, established U.S. policy for maintaining a cyber environment that encourages "efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties." It directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure.

The framework is intended to be a set of industry standards and best practices to help organizations manage cybersecurity risks.

Some have criticized the Framework guidance as too "loose," with no information on how an organization can begin implementing it.

In particular, the core section of the framework provides controls based on general situations but not threats that may be specific to an organization, industry or sector.

Enterprises can use the framework as part of their processes for identifying, assessing and managing cybersecurity risk. An organization can overlay its current process onto the framework to find "gaps in its current cybersecurity risk approach and to develop a roadmap to improvement."

NIST CYbersecurity Framework Web Site

Framework Document

Back to CyberWest page

Home | Site Map

©2016 The Association for Enterprise Information