In a 2013 Executive Order “Improving Critical 69 Infrastructure Cybersecurity,” President Obama called for the development of a voluntary risk-based Cybersecurity Framework – a set of industry standards and best practices to help organizations manage cybersecurity risks. The first such Framework was released in 2015 and the National Institute of Standards and Technology (NIST), working with many governmental units and industry, has released an updated framework for comment.
NIST also provided the following overview.
The National Institute of Standards and Technology also has released the Baldrige Cybersecurity Excellence Builder – a voluntary self-assessment tool that enables organizations to better understand the effectiveness of their cybersecurity risk management efforts. There will be workshop on this tool on April 2nd in Baltimore. Click here for more information.
NIST will be hosting a workshop on the Framework on May 16 and 17th at their headquarters in Gaithersburg, MD. Click here for more information.
The FTC has embraced the Framework as consistent with past FTC enforcement efforts and guidelines on data security.