Editor’s Note: Although much remains to be determined, the draft outline released by NIST appears to quash concerns that the Framework will be overaly prescriptive. The Draft Outline is attached . Below is an excerpt from the secion on How to Use This Framework.
From: NIST
The Framework should be considered and used as a guide rather than as a detailed manual. It is a way for executives, managers, and staff to:
• understand and assess the cybersecurity capabilities, readiness, and risks of their organization;
• identify areas of strength and weakness and aspects of cybersecurity on which they should productively focus, and learn what informative standards, guidelines, and practices are available and applicable to their organization.
By doing so, the Framework should assist an organization to align and integrate cybersecurity-related policies and plans, functions, and investments with the enterprise’s overall risk management – particularly throughout the critical infrastructure sectors on which the national and economic security of the United States relies.
Leave a Reply