Organizations of all types are increasingly subject to data theft and loss, whether the asset is customer information, intellectual property, or sensitive company files. The federal government and, thus, its private contractors have long relied upon the National Institute for Standards and Technology (within the Commerce Department) to develop standards and guidance for information protection. One of the most important of these is the fairly recent Cybersecurity Framework, which helps provide structure and context to cybersecurity. Private-sector organizations should be motivated to implement the NIST CSF not only to enhance their cybersecurity, but also to lower their potential risk of legal liability.
While the NIST has been active for some time, the CSF arose from the Cybersecurity Enhancement Act of 2014, passed in December of that year. As part of the government’s effort to protect critical infrastructure, in light of increasingly frequent and severe attacks, the Cybersecurity Enhancement Act directed the NIST to “…on an ongoing basis, facilitate and support the development of a voluntary, consensus-based, industry-led set of standards, guidelines, best practices,…
