Framework Update Process - Critical Infrastructure Cybersecurity Enhancement

Framework Update Process - Critical Infrastructure Cybersecurity Enhancement
Slide Note
Embed
Share

This article discusses the Framework Update Process for Critical Infrastructure Cybersecurity Enhancement, highlighting key policy changes and ongoing activities to improve the security and resilience of the nation's critical infrastructure. It emphasizes collaboration with the private sector, government agencies, and international organizations to develop voluntary standards and guidelines for reducing cyber risks.

  • Framework
  • Cybersecurity
  • Critical Infrastructure
  • Policy Changes
mell980
mell980 Follow

Uploaded on Mar 14, 2025 | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Framework Update Process July 2018 cyberframework@nist.gov

  2. Continued Improvement of Critical Infrastructure Cybersecurity December 18, 2014 February 12, 2013 Amends the National Institute of Standards and Technology Act (15 U.S.C. 272(c)) to say: It is the policy of the United States to enhance the security and resilience of the Nation s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties on an ongoing basis, facilitate and support the development of a voluntary, consensus-based, industry-led set of standards, guidelines, best practices, methodologies, procedures, and processes to cost-effectively reduce cyber risks to critical infrastructure Executive Order 13636 Cybersecurity Enhancement Act of 2014 (P.L. 113-274) 3

  3. Coordinating & Consulting Adherence with Cybersecurity Enhancement Act of 2014 (1) In general. In carrying out the activities under subsection (c)(15), the Director-- ``(i) <<NOTE: Coordination.>> coordinate closely and regularly with relevant private sector personnel and entities, critical infrastructure owners and operators, and other relevant industry organizations, including Sector Coordinating Councils and Information Sharing and Analysis Centers, and incorporate industry expertise; ``(ii) <<NOTE: Consultation.>> consult with the heads of agencies with national security responsibilities, sector-specific agencies and other appropriate agencies, State and local governments, the governments of other nations, and international organizations; ``(vii) prevent duplication of regulatory processes and prevent conflict with or superseding of regulatory requirements, mandatory standards, and related processes; 4

  4. Continued Improvement of Critical Infrastructure Cybersecurity Update Activities Request for Information Views on the Framework for Improving Critical Infrastructure Cybersecurity Dec 2015 7th Workshop Apr 2016 Engagement 105 Responses 653 Physical Attendees, 140 Online Attendees - Draft 1 Framework Version 1.1 Released Jan 2017 Request for Comment Proposed update to the Framework for Improving Critical Infrastructure Cybersecurity Jan 2017 8th Workshop May 2017 129 Responses 517 Physical Attendees, 1528 Online Attendees 89 Responses Request for Comment Cybersecurity Framework Version 1.1 Draft 2 Dec 2017 Framework Version 1.1 Released April 2018 - 5

  5. Features List Concept Living Document Process Features List Sorted by effect on backwards compatibility Prioritized based on stakeholder importance Meetings Events Roundtable Dialogs Requests for Information Requests for Comments Observations from Resources Observations from References Subject Matter Expertise cyberframework@nist.gov Major Minor Administrative 6

  6. Milestones Three Year Minimum Update Cycle New Version? 3 years from last Final Update Features List (Version A) Features List (Version B) Features List (Version C) Draft Framework Update Publish Framework Update X Major Minor Administrative Major Minor Administrative Major Minor Administrative Annual Conference Annual Conference Annual Conference Annual Conference 7

  7. Framework Versioning Process Living Document Process What? Who? Administrative Minor Major Formal Request for Information through Federal Register, 60 day comment period, and Published Comment Analysis Nominate Features for Consideration Happens through dialog and Happens through dialog and cyberframework@nist.gov All* cyberframework@nist.gov cyberframework@nist.gov Review Nominated Features Unless otherwise requested by stakeholders, this process initiates three years from the publication date of the last final version NIST** Formal Request for Comment through Federal Register, 60 day comment period, and Published Comment Analysis (Request for) Comment on Proposed Features Informal comments, 30 day comment period Stakeholders Not Required Host Workshop [NIST] to Discuss Proposed Features All Not Required Required Publish Workshop Summary of Next Steps NIST Not Required Required Draft Down-Selected Features into Proposed Update NIST Required Required (Request for) Comment on Proposed Update Stakeholders Informal comments, 30 day comment period Host Workshop [NIST] to Discuss Proposed Update Not required for Administrative Version All Required Publish Workshop Summary of Next Steps NIST N/A Required Three month minimum versioning timeline One year & six month minimum versioning timeline One year & six month minimum versioning timeline Publish Final Update NIST 8 * Includes NIST and Framework stakeholders ** An opportunity to confer with collaborators, as defined in CEA of 2014

  8. Resources Framework for Improving Critical Infrastructure Cybersecurity and related news and information: www.nist.gov/cyberframework Additional cybersecurity resources: http://csrc.nist.gov/ Questions, comments, ideas: cyberframework@nist.gov 9

Related


Challenges and Progress in Chilean Infrastructure Development

Challenges and Progress in Chilean Infrastructure Development

aster
Which and How of Cybersecurity Frameworks

Which and How of Cybersecurity Frameworks

castor
Industrial Cybersecurity Market Worth $49.53 Billion by 2030

Industrial Cybersecurity Market Worth $49.53 Billion by 2030

RAJUL
Infrastructure Development Bank of Zimbabwe (IDBZ) - Financing Zimbabwe's Infrastructure Needs

Infrastructure Development Bank of Zimbabwe (IDBZ) - Financing Zimbabwe's Infrastructure Needs

nathalia
Cybersecurity Career Path Overview

Cybersecurity Career Path Overview

rusty
Comprehensive Airport Cybersecurity Quick Guide and Assessment Tool

Comprehensive Airport Cybersecurity Quick Guide and Assessment Tool

emmitt
Ensuring Business Security: Cybersecurity Webinar Insights

Ensuring Business Security: Cybersecurity Webinar Insights

amelia
Infrastructure Prioritization Framework and Challenges

Infrastructure Prioritization Framework and Challenges

kafka
Workshop on Cybersecurity Professionalism & Ethics

Workshop on Cybersecurity Professionalism & Ethics

acke_ddy
Bridging the Global Infrastructure Gap: A Framework for Distinction

Bridging the Global Infrastructure Gap: A Framework for Distinction

tra_sto
Cybersecurity Workforce Management: Engage, Empower, Elevate

Cybersecurity Workforce Management: Engage, Empower, Elevate

dena835
Cybersecurity and Computer Science Education Projects at UH Maui College

Cybersecurity and Computer Science Education Projects at UH Maui College

karm_14
Shovel-Ready Projects Initiative for Cybersecurity Innovation in Canada

Shovel-Ready Projects Initiative for Cybersecurity Innovation in Canada

aberm
Enhancing Cybersecurity for Improved Insurability and Risk Management

Enhancing Cybersecurity for Improved Insurability and Risk Management

trac_745
Improving First Nation Infrastructure and Housing through Fiscal Management Act Model

Improving First Nation Infrastructure and Housing through Fiscal Management Act Model

mera_72
Ethics in Cybersecurity: Evolution, Challenges, and Solutions

Ethics in Cybersecurity: Evolution, Challenges, and Solutions

kdett
IRIS H2020 Project - Enhancing Cybersecurity for SMART CITIES

IRIS H2020 Project - Enhancing Cybersecurity for SMART CITIES

airt550
Defense Industrial Base (DIB) Cybersecurity Training Overview

Defense Industrial Base (DIB) Cybersecurity Training Overview

xayl_3
Cybersecurity Strategy in Japan - Roles of NISC and Basic Act Overview

Cybersecurity Strategy in Japan - Roles of NISC and Basic Act Overview

athie
CYBEX - Cybersecurity Information Exchange Techniques

CYBEX - Cybersecurity Information Exchange Techniques

mkas
Shadow: Scalable and Deterministic Network Experimentation in Cybersecurity

Shadow: Scalable and Deterministic Network Experimentation in Cybersecurity

haer447
Framework Roadmap Overview - July 2018

Framework Roadmap Overview - July 2018

inia775

More Related Content