By Robert G. Scott, Jr.

The National Institute of Standards and Technology (NIST) has released the first draft of the Cybersecurity Framework required by President Obama’s Executive Order 13636 and Presidential Policy Directive 21, as detailed in our earlier posts (found here, here and here). The draft outlines the tentative format of the final Framework, which would include four major sections:
- A guide for senior executives and others on how to use the Framework to evaluate and manage their organizations’ cyber risk preparedness;
- A user’s guide for more detailed implementation of the Framework;
- The “core structure” of the Framework; and
- A compendium of references such as existing cybersecurity standards, guidelines and practices.