NIST's school for cyber

The federal government's standards setter is offering agencies advice on how to implement the cybersecurity framework.

 

What: NIST Cybersecurity Framework Implementation Guidance for Federal Agencies

Why: The new cybersecurity executive order signed May 11 by President Donald Trump assigned the National Institute of Standards and Technology responsibility for developing the user manual for federal cybersecurity.  Under the order, federal agency heads must use the framework to "manage the agency's cybersecurity risk."

Just in time, NIST has released new draft guidance to teach federal agencies how to meld NIST's cybersecurity framework into their own operations, as well as assess the cybersecurity of technology vendors.

NIST notes that the framework is also being adopted by commercial interests and other governments as a way to address the growing worldwide cyber threat.

NIST offers eight use cases for agencies to address common cybersecurity-related responsibilities. By using the guidance, according to the NIST draft, agencies can integrate the framework with key cybersecurity risk management standards and guidelines already in place across many agency organizational levels, including Federal Information Security Management Act and the Health Insurance Portability and Accountability Act rules.

NIST wants feedback from agencies on risk management, framework implementation challenges and how the guidance draft can help stakeholders better understand federal agencies’ use of the framework.

Verbatim:  "In a world where cyber systems are constantly challenged by more frequent and often more creative and sophisticated attacks, it is vital that agency personnel -- from the most senior executives to line staff -- manage their assets and cybersecurity risks wisely. To do that well, they need the most capable, up-to-date, and easy-to-use approaches and tools, including a holistic approach to risk management."

Read the full guidance here.