30+ Years of Freedom of Information Action

Cyber Brief: NIST Framework for Critical Infrastructure Cybersecurity

Published: Apr 25, 2018

Eddited by Michael Martelle

For more information, contact:
202-994-7000 or nsarchiv@gwu.edu

Cyber Brief: NIST Framework for Critical Infrastructure Cybersecurity

The National Institute of Standards and Technology has released its newest iteration of critical infrastructure cybersecurity framework. Today’s brief includes this document (Version 1.1), two developmental drafts with comments, a summary of a workshop held on the framework, and the first edition (Version 1.0) accompanied by two presentations on the framework. This collection of documents highlights the work of a key contributor to cybersecurity policy that is not considered to be part of the national security apparatus by most of the public.

New Additions

From the Vault

National Institute of Standards and Technology, Cybersecurity Framework Workshop 2017 Summary, July 21 2017, Unclassified.

This document summarizes the findings of a May workshop on the draft cybersecurity framework.


National Institute of Standards and Technology, Draft, Framework for Improving Critical Infrastructure Cybersecurity, January 10, 2017. Unclassified.

This framework draft - which consists of core, profile, and implementation tiers - was developed through collaboration between the government and private sector. It is intended to guide cybersecurity activities and the consideration of cybersecurity risks as part of an organization's risk management process.


National Institute of Standards and Technology, Framework for Improving Critical Infrastructure Cybersecurity, April 2016. Unclassified.

This presentation on NIST's framework for improving critical infrastructure cybersecurity includes discussions of, inter alia, the pre-cyber security framework threat landscape, development of the framework, who the framework is intended to provide guidance to, framework components, and industry resources.


National Institute of Standards and Technology, Framework for Improving Critical Infrastructure Cybersecurity, January 2016. Unclassified.

This presentation outlines an adaptable framework for cybersecurity that can be tailored to specific critical infrastructure 'profiles'.


National Institute of Standards and Technology, Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014. Unclassified.

This framework was developed in response to President Obama's 2013 executive order on critical infrastructure cybersecurity that called for creation of a voluntary risk-based cybersecurity framework.