The National Institute of Standards and Technology (NIST) developed a framework consistent with their mission to promote U.S. innovation and industrial competitiveness. This cybersecurity framework is continually advancing. But where did it all start?

February 12th, 2013

Executive Order 13636 assigned the responsibilities of federal departments and agencies in enhancing cybersecurity. They created the policy “to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity.”

July 1st, 2013

They released the preliminary framework. This was developed through collaboration and input from government and industry stakeholders, in response to the Executive Order from February.

February 12th, 2014

They released version 1.0 of the framework. It was designed for “Improving critical infrastructure cybersecurity”, fit for financial, energy, healthcare, and other critical industries.

December 18, 2014

The Cybersecurity Enhancement Act. They altered the NIST act to confirm NIST’s role in cybersecurity, for them to continue developing the framework.

April 2018

Framework Version 1.1 released. This version provides a more detailed explanation on properly managing supply chain cybersecurity, and is fit for a wide variety of organizations.

NIST was chosen to develop this framework because they’re an unbiased, federal agency that acts as a source of scientific information. As they continue to receive feedback, the framework continues to develop.

So if it’s voluntary, why should an organization put it into place? The framework will help an organization better understand and reduce cyber risks. They’ll be able to easily communicate their cybersecurity standards to those inside and outside their organization. And when a risk does arise, they’ll be fit to handle it.

How can you get started today? Contact us.

You Might Find These Articles Interesting:

May Cybersecurity Recap Video

HITRUST® Releases First Ever Certification Program for the NIST Framework

Cybersecurity in the Legal Sector: Using Compliance Frameworks to Boost Protection