Technology: Dissecting the first version of NIST’s cybersecurity framework

The framework is comprised of three main elements: the “core,” “tiers,” and “profiles”

On Feb. 12, 2014, following a year-long development process, the Commerce Department's National Institute of Standards and Technology (NIST) released a framework for improving critical infrastructure cybersecurity. Although aimed in particular at providers of energy, financial, health care, communications, and other critical systems and services, the framework provides a standard model for the creation of new cybersecurity programs and the evaluation and improvement of existing programs that can be used by organizations of any size and in any industry.

The framework has its genesis in Executive Order 13636, Improving Critical Infrastructure Cybersecurity. Issued by President Obama in February 2013, the order called for stakeholders in the private and public sectors to collaborate in the development of voluntary, industry-specific standards to help organizations improve the security of critical infrastructure and reduce the risks posed by cyber-attacks. In the year since the order was issued, NIST sought input from individuals and organizations on how cyber-risk can be managed in a cost-effective manner without imposing an additional regulatory burden on businesses.

Contributing Author

Kit Winter

Kit Winter is a member at law firm Dykema Gossett in Los Angeles and focuses on internet, intellectual property and business litigation. He can be...
