One of the most difficult aspects of dealing with technology for a major company is the complete lack of standards. In a complex and quickly-changing environment like IT, standards are proposed frequently, but seldom have the staying power to be used as a barometer for success. The National Institute of Science and Technology (NIST) is hoping to change that by releasing cybersecurity standards that would hold companies accountable to more than just an anti-virus suite and crossed fingers.
The NIST released its preliminary plan on Oct. 22, which is intended to act as the basis for improved control over IT infrastructure for companies in all sectors. While not mandatory, the list will be a repository for best practices, and will rely on active engagement from those in the tech community to test its validity.