The US National Institute of Standards and Technology (NIST) released the Framework for Improving Critical Infrastructure Cybersecurity (the Cybersecurity Framework) on 12 February 2014. The Cybersecurity Framework establishes a common language for describing a cybersecurity program. It enables organizations of all sizes share information on cybersecurity objectives and activities. Organizations can leverage industry standards for achieving the cybersecurity objectives outlined in the Framework as they implement it. However, many organizations struggle with developing or improving their cybersecurity program simply because they are not sure where or how to start. Leveraging the Cybersecurity Framework can help organizations understand where to start, how to establish goals for their cybersecurity programs, and share lessons learned within their organizations and with others implementing the Framework.
The Cybersecurity Framework provides a standard approach for framing a cybersecurity program. The Cybersecurity Framework includes 3 primary components: the Framework core, profiles and implementation tiers. The Framework core identifies a hierarchy of cybersecurity considerations for organizations to address when implementing a cybersecurity program. Lire la suite