9 The NIST Cybersecurity Framework Demystified

9.1 Introduction

Previous chapters have mentioned the NIST Cybersecurity Framework as a solid resource upon which to base local government cybersecurity programs. The purpose of this chapter is to introduce readers to the 2018 version of the framework. First, the chapter presents a brief history of the framework’s development. Second, it describes the overall structure and components of the framework and how local governments should use it as a continuous guide for cybersecurity improvement. The chapter concludes with an examination of each of the five functions of cybersecurity, which were previously introduced in Chapter 2, along with their categories and subcategories.

9.2 History of the Framework

NIST’s original Cybersecurity Framework 1.0 (2014) was published in response to President Obama’s Executive Order (EO) 13636 for improving critical infrastructure cybersecurity (U. S. National Institute of Standards and Technology, 2019). The EO directed NIST to work with private industry to create a standard of best practices for all sectors of critical infrastructure. Academics and government stakeholders were also involved in the development process. The framework is intended to be a flexible, cost-effective set of guidelines applicable to every critical infrastructure sector (Table 9.1). NIST also offers resources specific to federal organizations, small- and medium-sized businesses, state, local, tribal, and territorial (SLTT) governments, ...