Executive Order 13636: Cybersecurity Framework
Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure.
Framework for Improving Critical Infrastructure Cybersecurity
NIST released the first version of the Framework for Improving Critical Infrastructure Cybersecurity (PDF EPUB EPUB Help) on February 12, 2014. The Framework Core, an important component of the Framework, and Informative Requirements thereof are available as separate downloads in three formats: spreadsheet (Excel), alternate view (PDF), and database (FileMaker Pro). NIST is also pleased to issue a companion Roadmap that discusses NIST's next steps with the Framework and identifies key areas of cybersecurity development, alignment, and collaboration.
The Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.
The Department of Homeland Security's Critical Infrastructure Cyber Community C³ Voluntary Program helps align critical infrastructure owners and operators with existing resources that will assist their efforts to adopt the Cybersecurity Framework and manage their cyber risks. Learn more about the C³ Voluntary Program by visiting the C3 Web site.
NIST is also pleased to issue a companion Roadmap that discusses NIST's next steps with the Framework and identifies key areas of cybersecurity development, alignment, and collaboration.
In the interest of continuous improvement, NIST will continue to receive and consider informal feedback about the Framework and Roadmap. As has been the case throughout the process, organizations and individuals may contribute observations, suggestions, and lessons learned to email@example.com.