The National Institute of Standards and Technology has issued guidance to help federal agencies implement a cybersecurity framework developed by NIST in partnership with the private and public sectors.
NIST’s guidance states that the Framework for Improving Critical Infrastructure Cybersecurity is meant to help agencies streamline their efforts focused on information security risk management. The guide includes use cases encompassing enterprise risk management, cybersecurity program management, acquisition procedures and risk reporting.
The agency noted that the framework aligns with requirements under the Federal Information Security Management Act to prevent “unauthorized access, use, disclosure, disruption, modification, or destruction of a federal information system or federal information.”
Using a risk-based approach also enables agencies to determine risks relevant to the operational lifecycle and allocate appropriate resources to “treat those risks to an acceptable level,” according to NIST.
“It is vital that agency personnel at all levels manage their assets wisely and address cybersecurity risks effectively,” NIST said. “To do that, agencies need a holistic approach to their enterprises’ risk management that includes timely, streamlined approaches and automated tools.”
NIST noted that the new guidance complements its prior publications focused on risk management for information systems and information security risk.