Recent Posts

NIST Cybersecurity Framework Is Improved But Best Part Is the Community It Has Created


The National Institutes of Standards and Technology (NIST) released on Tuesday its "official" preliminary comprehensive critical infrastructure cybersecurity framework as required under President Obama's February executive order, and most people involved say it's an improvement over previous versions.

After talking to a number of the key participants in the framework process, I noticed that despite the varied and widespread critiquing of the framework from a diverse and often fractious bunch of cybersecurity specialists, lawyers and engineers, one thing stood out:  the framework has created a community of people willing to collaborate on cybersecurity for the common good.

As one participant noted, "what we've developed is a framework for people working together." Unfortunately the framework itself still falls short in terms of actually improving cybersecurity in the eyes of many participants.  But there's still time for more changes before the framework is finalized in February...and will probably continue changing well after that.

Here's my latest take in my ongoing series on the framework for CSO Magazine.  Check it out.

Twitter Delicious Facebook Digg Stumbleupon Favorites More