NIST Cyber Security Framework

NIST Cybersecurity Framework

Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure.

Framework for Improving Critical Infrastructure Cybersecurity

NIST released the first version of the Framework for Improving Critical Infrastructure Cybersecurity (PDF EPUB EPUB Help) on February 12, 2014. The Framework Core, an important component of the Framework, and Informative Requirements thereof are available as separate downloads in three formats: spreadsheet (Excel), alternate view (PDF), and database (FileMaker Pro).  NIST is also pleased to issue a companion Roadmap that discusses NIST's next steps with the Framework and identifies key areas of cybersecurity development, alignment, and collaboration.

The Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.