The Department of Commerce’s National Institute of Standards and Technology has released a preliminary cyber security framework designed to help the owners and operators of critical infrastructure reduce risk.
President Obama in February called on NIST to develop the framework with various stakeholders, and NIST says it engaged with over 3,000 individuals and organizations on standards, best practices and guidelines that can provide businesses, their suppliers, their customers and government agencies with a shared set of expected protections for critical information and IT infrastructure.
"Thanks to a tremendous amount of industry input, the voluntary framework provides a flexible, dynamic approach to matching business needs with improving cyber security," said NIST director Patrick Gallagher.
According to NIST, the preliminary framework outlines steps that can be customized to various sectors, and offers a common language and mechanism for organizations to determine and describe their current cyber security posture.
"We want to turn today’s best practices into common practices, and better equip organizations to understand that good cybersecurity risk management is good business," explained Gallagher."
