Educause Security Discussion mailing list archives

NIST Framework for Improving Critical Infrastructure Cybersecurity Version 1


From: Carlos Lobato <clobato () NMSU EDU>
Date: Thu, 13 Feb 2014 15:34:37 +0000

All,

NIST has just released its first Framework for Improving Critical Infrastructure Cybersecurity v1.  
http://www.nist.gov/cyberframework/index.cfm

The Framework takes a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework 
Core, the Framework Implementation Tiers, and the Framework Profiles.

The Framework Implementation Tiers section will give you a quick ruler to determine at a high level where you are and, 
as you will see, it requires formality when it comes to policies, procedures and risk assessments.

In addition, all federal data privacy regulations (FERPA, HIPAA, GLBA, RFR, FISMA) including PCI now reference NIST 
standards.  Overall, as far as assuring IT compliance, the NIST framework is the way to go.

Carlos,

Carlos S. Lobato, CISA, CIA, CISSP
IT Compliance Officer

New Mexico State University
Information and Communication Technologies
MSC 3AT PO Box 30001
Las Cruces, NM  88003-8001

Phone: 575-646-5902
Fax: 575-646-5278

Email: clobato () nmsu edu
IT Compliance at NMSU - http://compliance.ict.nmsu.edu/


Attachment: cybersecurity-framework-021214-final.pdf
Description: cybersecurity-framework-021214-final.pdf

