NIST Releases Guidance on Federal Infrastructure Cybersecurity

The National Institute of Standards and Technology has issued a guidance to help federal agencies implement a cybersecurity framework developed by NIST in partnership with the private and public sectors.

NIST’s guidance states that the Framework for Improving Critical Infrastructure Cybersecurity is meant to help agencies streamline their efforts focused on information security risk management. The guide includes use cases encompassing enterprise risk management, cybersecurity program management, acquisition procedures and risk reporting.

The agency noted that the framework aligns with requirements under the Federal Information Security Management Act to prevent “unauthorized access, use, disclosure, disruption, modification, or destruction of a federal information system or federal Information.”

Using a risk-based approach also enables agencies to determine risks relevant to the operational lifecycle and allocate appropriate resources to “treat those risks to an acceptable level,” according to NIST.

“It is vital that agency personnel at all levels manage their assets wisely and address cybersecurity risks effectively,” NIST said. “To do that, agencies need a holistic approach to their enterprises’ risk management that includes timely, streamlined approaches and automated tools.”

NIST noted that the new guidance complements its prior publications focused on risk management for information systems and information security risk.

Check Also

Dept. of Energy

DOE Funds Biomanufacturing Projects

The Department of Energy is investing $5M in eight cost-shared projects that tackle challenges in the country's biomanufacturing industry. DOE said Friday it will use its national laboratories to support these projects in alignment with the  Agile BioFoundry consortium.