Main Nav

NIST Releases Final Framework for Improving Critical Infrastructure Cybersecurity

The National Institute of Standards and Technology (NIST) released the initial version of its Framework for Improving Critical Infrastructure Cybersecurity on Wednesday, February 12. The Framework provides owners of critical infrastructure and others with voluntary guidance on how to best protect information and assets from cyber attacks. The final Framework closely follows the Preliminary Framework NIST released in November 2013.

Broken down into three main elements—Core, Tiers, and Profiles—the Framework sets forth the best-practices commonly used throughout the critical infrastructure industries and sectors. The Core is broken down into five functions: identify, protect, detect, respond, and recover. Used together, these functions are designed to help organizations understand and mold their cybersecurity program into a more functional and efficient system. The Tiers allow organizations to analyze the degree to which their system meets goals set forth in the Framework. The Profiles help organizations reach a higher level of cybersecurity sophistication.

As previously reported the Framework was created in response to Executive Order 13636: Improving Critical Infrastructure Cybersecurity, mandated in February 2013, in which the President called for NIST to develop a “set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks” to critical infrastructure. The Department of Homeland Security has identified sixteen different industry sectors as part of critical infrastructure, including defense, communications, food and agriculture, healthcare, communications and, of course, information technology.

Labeled as Version 1.0, the Agency acknowledges the Framework must be dynamic to match the constantly evolving technology and demands of cybersecurity. Accordingly, NIST also released the NIST Roadmap for Improving Critical Infrastructure Cybersecurity, which provides the future path for updating and improving the Framework. As it develops new versions of the Framework, NIST hopes to remain at the center of the collaboration between industry and government agencies to help owners of critical infrastructure understand, implement, and improve the Framework.

As mentioned earlier, the Framework is entirely voluntary. The Departments of Homeland Security, Commerce, and Treasury are currently reviewing ways to create incentives that will encourage organizations to implement the guidance.

EDUCAUSE has been following the development of the framework since the Executive Order was issued (see our earlier blog posts herehere, and here) and submitted comments in response to NIST’s request for information.  While EDUCAUSE will continue to follow this issue and keep you posted on developments, campus cybersecurity professionals are encouraged to work with their general counsel’s office to assess what the framework may mean for the institution’s cybersecurity practices and responsibilities. 

Close
Close


Annual Conference
September 29–October 2
View Proceedings

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.