The National Institute of Standards and Technology has issued a draft cybersecurity framework intended to act as guidance for service providers to manage cybersecurity risks, Federal News Radio reported Wednesday.
Jason Miller writes the framework calls on companies to report their cybersecurity posture, describe cybersecurity goals, establish priorities to enhance risk management, evaluate progress and connect internal and external stakeholders.
NIST’s next step toward the framework implementation is providing incentives for organizations to adopt the guidance, according to the report.
A White House official told the station the departments of Homeland Security, Commerce and Treasury have suggested the incentives be applied to areas such as insurance, grants, process preference, liability restriction, centralized regulations, public recognition, rate recovery and cybersecurity research.
“Agencies are already beginning to work with the insurance industry to develop groundwork so that the framework can be utilized properly within the current marketplace and developing the means to use framework adoption as a criteria for cybersecurity grants,” the official said.
Federal agencies intend to review the framework over the next three months and the NIST plans to release its final version in February after accepting comments, Miller reports.