NIST Releases Draft Outline of Cybersecurity Framework

Cybersecurity Framework  Will Reduce Cyber Risks to Critical Infrastructure

Cybersecurity Framework  Will Reduce Cyber Risks to Critical Infrastructure

The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency that operates as part of the U.S. Department of Commerce. Established in 1902 NIST’s core mission is to advance science, standards, and technology  to enhance economic security. As part of the agency’s effort to improve cybersecurity, it has posted a draft outline of a voluntary cybersecurity  framework for public review and comment.

The Executive Order calling for NIST to develop a cybersecurity framework directs the agency to collaborate with both the public and private sector. The draft framework released reflects input received from a Request for Information (RFI) released earlier this year. The current draft seeks comment and input on:

  • Outline of the purpose and core structure of the framework
  • Need and application of the framework in the business environment
  • User guide for implementing the framework

In a press released issued on the framework, Adam Sedgewick, Senior Information Technology Policy advisor at NIST said “We are pleased that many private-sector organizations have put significant time and resources into the framework development process. We believe that both large and small organizations will be able use the final framework to reduce cyber risks to critical infrastructure by aligning and integrating cybersecurity-related policies and plans, functions and investments into their overall risk management.

NIST also released a draft compendium of informative references composed of existing standards, practices and guidelines to reduce cyber risks to critical infrastructure industries. This material was released to foster discussion at upcoming workshops and to further encourage private-sector input before NIST publishes the official draft Cybersecurity Framework for public comment in October 2013.

To review the draft framework outline and offer comments visit: The draft outline and other documents related to the Cybersecurity Framework are available at