Framework for Improving Critical Infrastructure Cybersecurity

framework_button_5anniversary

CEA AND NIST

To better address these risks, the Cybersecurity Enhancement Act of 20141 (CEA) updated the role of the National Institute of Standards and Technology (NIST) to include identifying and developing cybersecurity risk frameworks for voluntary use by critical infrastructure owners and operators.

CRITICAL INFRASTRUCTURE

Critical infrastructure is defined in the U.S. Patriot Act of 20015 as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

Introduction

The Framework provides a common language for understanding, managing, and expressing cybersecurity risk to internal and external stakeholders.

The Framework complements, and does not replace, an organization’s risk management process and cybersecurity program.

Framework Components

The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts:
  • the Framework Core,
  • the Framework Implementation Tiers, and
  • the Framework Profiles.

The Framework Core provides a set of activities to achieve specific cybersecurity outcomes, and references examples of guidance to achieve those outcomes.

The Framework Implementation Tiers (“Tiers”) provide context on how an organization views cybersecurity risk and the processes in place to manage that risk.

The Framework Profile (“Profile”) is the alignment of the Functions, Categories, and Subcategories with the business requirements, risk tolerance, and resources of the organization.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s