Thursday 29 August 2013

NIST Cybersecurity Framework

The purpose of this document is to define the overall Framework and provide guidance on its usage. The primary audiences for the document and intended users of the Framework are critical infrastructure owners and operators and their partners. However, it is expected that many organizations facing cybersecurity challenges may benefit from adopting the Framework. The Framework is being designed to be relevant for organizations of nearly every size and composition. It is also expected that many organizations that already are productively and successfully using appropriate cybersecurity standards, guidelines, and practices – including those who contributed suggestions for inclusion in this document – will continue to benefit by using those tools.

DRAFT - Framework Core
The Framework Core offers a way to take a high-level, overarching view of an organization’s management of cybersecurity risk by focusing on key functions of an organization’s approach to this security. These are then broken down further into categories. The Framework’s core structure consists of:
  • Five major cybersecurity functions and their categories and subcategories
  • Three Framework Implementation Levels associated with an organization’s cybersecurity functions and how well that organization implements the framework.

DRAFT - CompendiumThe Framework’s core also includes the compendium of informative references, existing standards, guidelines, and practices to assist with specific implementation.

The compendium of informative references that included standards, guidelines and best practices is provided as an initial data set to map specifics to sub-categories, categories and functions. The Framework’s compendium points to many standards – including performance and process-based standards. These are intended to be illustrative and to assist organizations in identifying and selecting standards for their own use and for use to map into the core Framework. The compendium also offers practices and guidelines, including practical implementation guides.

No comments:

Post a Comment