In compliance with an executive order that was issued this past February, the National Institute of Standards and Technology (NIST) released a draft of its preliminary cybersecurity guidelines that aim to help secure IT systems.
The draft reads:
The Framework complements, and does not replace, and organization’s existing business or cybersecurity management process and cybersecurity program. Rather, the organization can use its current processes and leverage the framework to identify opportunities to improve and organization’s cybersecurity risk management.
According to a report by CompterWorld, the framework will eventually include a three-part scheme:
- Core Functions: A compilation of commonly practiced activities and references
- Implementation: Guidance on how to manage cybersecurity risks
- Framework Profile: Guidance on integration within a preexisting cybersecurity strategy
Although a full preliminary plan is scheduled to be released for public review in October, Twitter, through the hashtag #NISTCSF, is currently being used to collect ideas and suggestions. You can read the full draft here. You can find the executive order here.
1 Pingback