As a result of an Executive Order last February, the Executive Branch has introduced the Cybersecurity Framework, described as “a voluntary how-to guide for organizations in the critical infrastructure community to enhance their cybersecurity.”
The best practices and guidelines within the Framework are structured around three primary components: the Framework Core, Profiles, and Tiers, each of which is also said to include advice on balancing these regulations with privacy concerns.
In a statement on Wednesday, President Obama explained further that the National Institute of Standards and Technology “has worked with the private sector to develop a Cybersecurity Framework that highlights best practices and globally recognized standards so that companies across our economy can better manage cyber risk to our critical infrastructure.”
The White House stressed that abiding by the Framework is voluntary, but added that the Department of Homeland Security will be tasked with boosting awareness of the program as well as brainstorming potential incentives.
The Framework gathers existing global standards and practices to help organizations understand, communicate, and manage their cyber risks. For organizations that don’t know where to start, the Framework provides a road map. For organizations with more advanced cybersecurity, the Framework offers a way to better communicate with their CEOs and with suppliers about management of cyber risks. Organizations outside the United States may also wish to use the Framework to support their own cybersecurity efforts.
The first version of the Framework for Improving Critical Infrastructure Cybersecurity is available online now.