NIST releases draft of security framework

Share this article:

The National Institute of Standards and Technology (NIST) has released a preliminary cyber security draft framework (PDF) in support of President Obama's "Improving Critical Infrastructure Cybersecurity" executive order issued in February.

"The focus of the framework is to support the improvement of cyber security for the nation's critical infrastructure using industry-known standards and best practices," according to the draft. "The framework, developed in collaboration with industry, provides guidance to an organization on managing cyber security risk, in a manner similar to financial, safety, and operational risk."

The voluntary framework is comprised of three main components: core, tiers and profiler, which provide a "strategic" view of an organization's management of risk and offers assessments and goals.

The framework is designed to complement an organization's existing security management program and not replace it.

Discussions are scheduled for September, with NIST planning to release a full draft in October and a final version by February.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.