New NIST Cybersecurity Framework

In February 2014, the NIST Cybersecurity Framework was introduced as a response to Executive Order 16363, ordered by President Obama in 2013. The Executive Order was a White House initiative to improve cybersecurity of critical infrastructure by developing a framework which incorporates a consensus of industry standards and best practices. As a result, the National Institute of Standards and Technology (NIST) developed a framework to identify and incorporate existing cybersecurity standards, guidelines, frameworks, and best practices that are applicable to increase the security of critical infrastructure sectors and other interested entities.

The framework is a three-part risk-based approach which uses a common language to address and manage cybersecurity risk to provide owners and operators a flexible, repeatable, and cost effective approach to implementing security practices. The framework is addressed by completing a framework core, in which the organization identifies risks and controls to address five key life cycle risk functions and their corresponding subcategories. In addition, framework implementation tiers and a framework profile are identified in order to distinguish the current and prospective cybersecurity in place for each organization.

While voluntary, organizations are strongly encouraged to implement the framework to help minimize cybersecurity risks and to combine the framework with other critical assessments such as SOC 2 and HIPAA Compliance.

For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.