NIST Releases Version 1.0 of Cybersecurity Framework

On February 12, 2014, NIST released version 1.0 of the voluntary, risk-based Cybersecurity Framework implemented pursuant to Executive Order 13636. It also released a “Roadmap” document to accompany the framework. Organizations providing the nation's financial, energy, health care and other critical systems can use the framework to determine their current level of cybersecurity, set goals for cybersecurity that are in sync with their business environment, and establish a plan for improving or maintaining their cybersecurity. It also offers a methodology to protect privacy and civil liberties to help organizations incorporate those protections into a comprehensive cybersecurity program.

The framework document is labeled "Version 1.0" and is described as a "living" document that will need to be updated to keep pace with changes in technology, threats and other factors, and to incorporate lessons learned from its use. NIST will continue to serve as a convener and coordinator to work with industry and other government agencies to help organizations understand, use and improve the framework, and to discuss future governance of the framework.

To view the framework, click here.

To view the roadmap, click here.