Washington, DC - There’s no disputing the importance of a reliable and well-functioning critical infrastructure when it comes to our daily lives—in fact, our national and economic security depend on it. Because our critical infrastructure systems are becoming increasingly complex and connected, we need to understand the real risk of cybersecurity threats and how these threats can impact the nation’s economy, security, public safety and overall health. Cybersecurity threats can also impact companies, reputations and the ability to innovate.

Basically, it’s kind of a big deal!

NIST developed the Cybersecurity Framework to enhance the security and resilience of the nation’s critical infrastructure. The voluntary risk-based Framework integrates a set of industry standards and best practices to help organizations manage cybersecurity risks. NIST worked alongside other government agencies and the private sector to establish the resulting Framework, which uses a common language to address and manage cybersecurity risk. The process of engaging the private and public sectors in developing the Framework went so well that Congress added that responsibility to NIST’s role through the Cybersecurity Enhancement Act of 2014.

What else do we need to know?

We will soon be releasing a second draft of the Framework (version 1.1) for public comment. With a large part of the update process behind us, we anticipate this draft will be finalized in a relatively short time. Why are we doing an update? Well, to keep pace with trends in threats and technology, we believe the Framework must be a living document. NIST works with stakeholders to determine which best practices that apply to specific sectors or communities—such as the legal and insurance sectors and cloud communities—might also apply to all Framework users.  NIST gathers that input from its stakeholders via request-for-information (RFI) responses, as well as conversations at meetings and workshops.