
NIST Releases Cybersecurity Framework Version 1.0

February 2014

On February 12, 2014, the Commerce Department’s National Institute of Standards and Technology (“NIST”) released a document entitled “Framework for Improving Critical Infrastructure Cybersecurity” (the “Framework”). According to the NIST, this Framework is voluntary and was developed through public-private partnership in response to Executive Order 13636: Improving Critical Infrastructure Cybersecurity, issued by President Obama last year.

Primarily aimed at organizations with critical infrastructure and sensitive information, such as those in the financial, energy, and healthcare industries, the goal of the Framework is to better protect critical information as well as critical physical assets from cyber attacks. The Framework adopts industry standards and best practices to help organizations manage cybersecurity risks “in a cost-effective manner.” In addition to the Framework document, the NIST also released a “Roadmap” document that sets forth the path toward future updates of the Framework. In fact, the NIST has referred to the Framework document (labeled as Version 1.0) as a “living” document that will be updated, as necessary, in response to industry feedback and to keep pace with improvements in technology and new threats.

The NIST emphasizes that the Framework is “technology neutral” and should complement, and not replace, an organization’s risk management process and cybersecurity program. The Framework provides a common taxonomy and method for organizations to accomplish the following:

  1. describe their current cybersecurity posture;
  2. describe their target state for cybersecurity;
  3. identify and prioritize opportunities for improvement within the context of a continuous and repeatable process;
  4. assess progress toward the target state; and
  5. communicate among internal and external stakeholders about cybersecurity risk.

In keeping with the “living” nature of the Framework document, the NIST is expected to sponsor workshops with industry stakeholders over the next six months. These workshops will aim to assist organizations in adopting the Framework as well as to provide a forum where experiences with the Framework are shared and potential refinements identified. As noted above, the Framework is strictly voluntary and the NIST has no enforcement authority. However, Congress could enact legislation that would provide incentives for private entities that adopt the Framework.

The Framework document in its entirety can be downloaded here.

©1996-2022 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Prior results do not guarantee a similar outcome.