Wednesday, July 3, 2013

NIST Releases Draft Outline of Cybersecurity Framework for Critical Infrastructure

I like what NIST does regarding Security guidance. I know that they are a USA government body, thus those outside the USA have some reservation. I however find that they hit all the right buttons on their Security specifications. They are catching up a bit on their understanding of Privacy.

I have high hopes, but not too high, for their new Cybersecurity Framework. First, I am dissapointed that NIST would be dragged into a buzzword and forced to say "cybersecurity" as if it is a term that everyone knows totally. But, sometimes one must do the buzzword bingo
As part of its efforts to develop a voluntary framework to improve cybersecurity in the nation's critical infrastructure, the National Institute of Standards and Technology (NIST) has posted a draft outline of the document to invite public review and gather comments.
The Executive Order calling for NIST to develop the framework directs the agency to collaborate with the public and private sectors. The draft outline reflects input received in response to a February 2013 Request for Information, discussions at two workshops and other forms of stakeholder engagement.
 The framework so far is useless, but their approach is good. It will be Risk based, and leverage existing standards. This is music to my ears.
The draft outline and other documents related to the Cybersecurity Framework are available at http://www.nist.gov/itl/cyberframework.cfm.
The most informative part of this announcement is their presentations: