Few government-produced documents have had as much fanfare about them in recent years as a somewhat obscure-sounding white paper formally known as the “Framework for Improving Critical Infrastructure Cybersecurity.”
The document, produced by the National Institute of Standards and Technology, is better known as the NIST Cybersecurity Framework, and it has become the go-to guide for agencies looking to enhance their cybersecurity posture.
The framework provides agencies with a common cybersecurity lexicon to better understand and handle IT security risks. And, since President Donald Trump’s May 2017 cybersecurity executive order, the framework has been mandated as the document that agency heads should use to manage cybersecurity risk.
Despite that directive, Kevin Stine, the chief of the applied cybersecurity division at NIST, notes that following the framework is voluntary. The tool’s purpose, he says, is to help organizations “better understand, manage and communicate cybersecurity risk in the context of their missions and objectives.” The NIST Cybersecurity Framework provides a “common language and taxonomy to help align cybersecurity activities with business…
