Skip Navigation Links
Webinar 2: DoD Adoption of NIEM
Outcome Driven Government Workshop
Agile in Government
Webinar: DoD Adoption of NIEM
CyberWest
Background
NIST Framework
Agenda May 13
Agenda May 14 AM
Agenda May 14 PM
Armaments Demo May 15
ACTRA Registration
DI2E Plugfest 2014
AFEI Supported Events
Past Events

 NIST Framework 

Executive Order 13636, issued in February 2013, established U.S. policy for maintaining a cyber environment that encourages "efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties." It directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure. 

The framework is intended to be a set of industry standards and best practices to help organizations manage cybersecurity risks.

Some have criticized the Framework guidance as too "loose," with no information on how an organization can begin implementing it.

In particular, the core section of the framework provides controls based on general situations but not threats that may be specific to an organization, industry or sector.

Enterprises can use the framework as part of their processes for identifying, assessing and managing cybersecurity risk. An organization can overlay its current process onto the framework to find "gaps in its current cybersecurity risk approach and to develop a roadmap to improvement."  

NIST CYbersecurity Framework Web Site

Framework Document

Back to CyberWest page