Final Cybersecurity Framework Released by NIST
For those who may have missed it, last month the National Institute of Standards and Technology (NIST) released its final Cybersecurity Framework in response to a 2013 Presidential Executive Order (EO) mandating the creation of Federal Cybersecurity guidelines focused on protecting critical infrastructure.
Officials have stressed that the framework is a result of public-private collaboration and will evolve over time. The framework was announced a year after President Obama issued an Executive Order, on February 12, 2013, titled “Improving Critical Infrastructure Cybersecurity”.
The EO was issued because of Congress’s failure to pass the Cyber Security Act (CSA) of 2012. The EO covered existing GSA regulations, proposed amendments to the Federal Acquisition Regulation (FAR), the Defense FAR Supplements (DFARS), and the 2013 National Defense Authorization Act (NDAA).
Designed to encourage information sharing between government and private industry, the EO included provisions for the adoption of voluntary cybersecurity standards for critical infrastructure and expanded on the “Defense Industrial Base Enhanced Cybersecurity Services program”, a pilot program already in place that allows the government to share classified information with defense contractors. Another significant change with the new cybersecurity program was to ensure that small businesses were included in NIST cybersecurity efforts, with participation from numerous small businesses. NIST increased its efforts to protect small businesses because a large percentage of them were being hit by cyber intrusions that were affecting their businesses.
To learn more and view the final cybersecurity framework, please visit: http://www.sba.gov/advocacy/815/808311