The National Institute of Standards and Technology (NIST) developed a framework consistent with their mission to promote U.S. innovation and industrial competitiveness. This cybersecurity framework is continually advancing. But where did it all start?
February 12th, 2013
Executive Order 13636 assigned the responsibilities of federal departments and agencies in enhancing cybersecurity. They created the policy “to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity.”
July 1st, 2013
They released the preliminary framework. This was developed through collaboration and input from government and industry stakeholders, in response to the Executive Order from February.
February 12th, 2014
They released version 1.0 of the framework. It was designed for “Improving critical infrastructure cybersecurity”, fit for financial, energy, healthcare, and other critical industries.
December 18, 2014
The Cybersecurity Enhancement Act. They altered the NIST act to confirm NIST’s role in cybersecurity, for them to continue developing the framework.
Framework Version 1.1 released. This version provides a more detailed explanation on properly managing supply chain cybersecurity, and is fit for a wide variety of organizations.
NIST was chosen to develop this framework because they’re an unbiased, federal agency that acts as a source of scientific information. As they continue to receive feedback, the framework continues to develop.
So if it’s voluntary, why should an organization put it into place? The framework will help an organization better understand and reduce cyber risks. They’ll be able to easily communicate their cybersecurity standards to those inside and outside their organization. And when a risk does arise, they’ll be fit to handle it.
How can you get started today? Contact us.
You Might Find These Articles Interesting: