Educause Security Discussion mailing list archives
NIST Framework for Improving Critical Infrastructure Cybersecurity Version 1
From: Carlos Lobato <clobato () NMSU EDU>
Date: Thu, 13 Feb 2014 15:34:37 +0000
All, NIST has just released its first Framework for Improving Critical Infrastructure Cybersecurity v1. http://www.nist.gov/cyberframework/index.cfm The Framework takes a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. The Framework Implementation Tiers section will give you a quick ruler to determine at a high level where you are and as you will see, it requires formality when it comes to policies, procedures and risk assessments. In addition, all federal data privacy regulations (FERPA, HIPAA, GLBA, RFR, FISMA) including PCI now reference NIST standards. Overall, as far as assuring IT compliance, the NIST framework is the way to go. Carlos, Carlos S. Lobato, CISA, CIA, CISSP IT Compliance Officer New Mexico State University Information and Communication Technologies MSC 3AT PO Box 30001 Las Cruces, NM 88003-8001 Phone: 575-646-5902 Fax: 575-646-5278 Email: clobato () nmsu edu<mailto:clobato () nmsu edu> IT Compliance at NMSU - http://compliance.ict.nmsu.edu/
Attachment:
cybersecurity-framework-021214-final.pdf
Description: cybersecurity-framework-021214-final.pdf
Current thread:
- NIST Framework for Improving Critical Infrastructure Cybersecurity Version 1 Carlos Lobato (Feb 13)
- Re: NIST Framework for Improving Critical Infrastructure Cybersecurity Version 1 TAMMY L. CLARK (Feb 13)
- <Possible follow-ups>
- Re: NIST Framework for Improving Critical Infrastructure Cybersecurity Version 1 Joe St Sauver (Feb 13)