NIST Releases Preliminary Cybersecurity Framework
On October 22, the National Institute of Standards and Technology (NIST) released its Preliminary Cybersecurity Framework pursuant to President Obama’s Executive Order 13636, titled Improving Critical Infrastructure Cybersecurity. The Preliminary Framework seeks to help critical infrastructure owners and operators reduce cybersecurity risks through voluntary best practices. The financial services sector is one of the many sectors identified as critical, and NIST notes that the Preliminary Framework can be applied by organizations beyond those contemplated by the Executive Order. The Preliminary Framework outlines steps that can be customized to various sectors and adapted by organizations of any size while providing a consistent approach to cybersecurity. It offers a common language and mechanism for organizations to determine and describe their current cybersecurity posture, as well as their target state for cybersecurity. The Preliminary Framework is intended to help all organizations identify and prioritize opportunities for improving cybersecurity risk management. NIST will accept public comments for 45 days, will hold a workshop on the Preliminary Framework on November 14 and 15 at North Carolina State University, and will release the finalized framework in February 2014, as required by the Executive Order.