Skip to content
DWT logo
People Services Insights
About Offices Careers
Search
People
Services
Insights
About
Offices
Careers
Search
Publications
Energy

NIST Releases Cybersecurity Framework Version 1.0

February 2014
Share
Print this page

On February 12, 2014, the Commerce Department’s National Institute of Standards and Technology (“NIST”) released a document entitled “Framework for Improving Critical Infrastructure Cybersecurity” (the “Framework”). According to the NIST, this Framework is voluntary and was developed through public-private partnership in response to Executive Order 13636: Improving Critical Infrastructure Cybersecurity, issued by President Obama last year.

Primarily aimed at organizations with critical infrastructure and sensitive information, such as those in the financial, energy, and healthcare industries, the goal of the Framework is to better protect critical information as well as critical physical assets from cyber attacks. The Framework adopts industry standards and best practices to help organizations manage cybersecurity risks “in a cost-effective manner.” In addition to the Framework document, the NIST also released a “Roadmap” document that sets forth the path toward future updates of the Framework. In fact, the NIST has referred to the Framework document (labeled as Version 1.0) as a “living” document that will be updated, as necessary, in response to industry feedback and to keep pace with improvements in technology and new threats.

The NIST emphasizes that the Framework is “technology neutral” and should complement, and not replace, an organization’s risk management process and cybersecurity program. The Framework provides a common taxonomy and method for organizations to accomplish the following:

  1. describe their current cybersecurity posture;
  2. describe their target state for cybersecurity;
  3. identify and prioritize opportunities for improvement within the context of a continuous and repeatable process;
  4. assess progress toward the target state; and
  5. communicate among internal and external stakeholders about cybersecurity risk.

In keeping with the “living” nature of the Framework document, the NIST is expected to sponsor workshops with industry stakeholders over the next six months. These workshops will aim to assist organizations in adopting the Framework as well as to provide a forum where experiences with the Framework are shared and potential refinements identified. As noted above, the Framework is strictly voluntary and the NIST has no enforcement authority. However, Congress could enact legislation that would provide incentives for private entities that adopt the Framework.

The Framework document in its entirety can be downloaded here.

Related Articles

06.16.25
Insights
Land Use & Development
Fast-Tracking Federal Natural Resource Approvals: Seabed Exploration and Mining Read More
09.21.23
Advisories
Energy
Clean Energy Tax Credits Made Available to Tax-Exempt and Governmental Entities Read More
08.03.23
Presentations
Energy
"Inside Legal ESG / Vidhya Prabhakaran / Davis Wright Tremaine," Inside Practice Read More External Link
DWT logo
©1996-2025 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Not intended as legal advice. Prior results do not guarantee a similar outcome.
Media Kit Affiliations Legal notices
Privacy policy Employees DWT Collaborate EEO
SUBSCRIBE
©1996-2025 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Not intended as legal advice. Prior results do not guarantee a similar outcome.