In 2014, the U.S. Commerce Department’s National Institute of Standards and Technology (NIST) created one of the most crucial pieces of cybersecurity guidance: the NIST Cybersecurity Framework, a common denominator that businesses across all industries can use to better assess risk and enhance the security and resilience of critical infrastructure. The Framework provides both private and public sector organizations with a set of voluntary industry standards and best practices to help manage risk. In less than three years, over 30% of all U.S. organizations have adopted the Framework or some portion of it. By 2020, that number is expected to rise to 50%.
Earlier this month, I had the opportunity to discuss the Framework and best practices for implementing it at the Billington Cybersecurity Summit in Washington, DC, alongside an impressive group of fellow industry leaders:
The NIST Framework came in response to an Executive Order by President Barack Obama, which called for a framework to improve the cybersecurity of our nation’s critical infrastructure. What was intended for public policy has broadened into a larger business solution, where any organization can not only use the Framework but also feasibly grasp it. The Framework’s adoption has been so successful for four reasons:
This month, NIST released a supplement to the guide, the Baldrige Cybersecurity Excellence Builder (BCEB), a self-assessment tool that organizations can use to more effectively measure their cybersecurity efforts. It’s important to note that adopting the Framework or the BCEB does not mean an organization is complying with federal, state, or industry regulations. Rather, these documents are voluntary guidelines that organizations can adopt and customize to their unique needs.
NIST has used its convening power to bring together industry and government organizations and develop a voluntary, flexible, risk-based approach to cybersecurity. To make the Framework even more useful, we in the business and security communities must share our lessons learned with each other and with the government. If your organization isn’t already putting the Framework to use, be the change to help 30% get to 50%.
About the author: Ralph Kahn is Vice President of Federal for Tanium. In this role, he is delivering on the U.S. Government’s need for real-time situational awareness at scale. Ralph has more than 25 years’ experience in the technology industry. Previously, Ralph served as Vice President for Intel and emerging technologies at McAfee, where he was responsible for leading an advanced technology group chartered with forward-looking cyber research. Under his direction, this group discovered several new threat vectors and developed an information sharing and cyber system interaction model that is being used at the core of the McAfee products and is being extended to include other cyber security products.