NIST Releases Guidance on Federal Infrastructure Cybersecurity

The National Institute of Standards and Technology has issued guidance to help federal agencies implement a cybersecurity framework that NIST developed in partnership with the private and public sectors.

NIST’s guidance states that the Framework for Improving Critical Infrastructure Cybersecurity is meant to help agencies streamline their efforts focused on information security risk management. The guide includes use cases encompassing enterprise risk management, cybersecurity program management, acquisition procedures and risk reporting.

The agency noted that the framework aligns with requirements under the Federal Information Security Management Act to prevent “unauthorized access, use, disclosure, disruption, modification, or destruction of a federal information system or federal information.”

Using a risk-based approach also enables agencies to determine risks relevant to the operational lifecycle and allocate appropriate resources to “treat those risks to an acceptable level,” according to NIST.

“It is vital that agency personnel at all levels manage their assets wisely and address cybersecurity risks effectively,” NIST said. “To do that, agencies need a holistic approach to their enterprises’ risk management that includes timely, streamlined approaches and automated tools.”

NIST noted that the new guidance complements its prior publications focused on risk management for information systems and information security risk.
