From: McDermott Will & Emery
The National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (Framework) almost 15 months ago and charged critical infrastructure companies within the United States to improve their cybersecurity posture. Without question, the Framework has sparked a national conversation about cybersecurity and the controls necessary to improve it. In the past year, we have seen U.S. federal agencies and departments—as well as state governments and associations—engage and embrace the Framework for the various industries that they regulate. We discuss a few examples below.
Federal Agencies’ Endorsement and Implementation of the Framework
Since the Framework was released, critical industry sectors have taken steps to align their own security guidance to the framework.
- Department of the Treasury. Soon after the release of the Framework, U.S. Department of the Treasury (Treasury Department) released a statement articulating its belief that the NIST Framework is an important and useful blueprint to evaluate, maintain, and improve the resiliency of their computer systems. Through its statement, the Treasury Department encouraged every financial services firm to use the Framework to reduce cybersecurity threats; promoted similar use of the Framework by outside vendors and
counterparties; and committed to grow and enhance the Framework.
Leave a Reply