The White House announced Feb. 18 the completion of its cybersecurity framework, about one year after President Barack Obama signed an executive order mandating the creation of best practices and standards to help improve cybersecurity.
“While I believe today’s framework marks a turning point, it’s clear that much more work needs to be done to enhance our cybersecurity,” Obama said in a statement.
The framework is a conglomeration of existing global standards and practices aimed at helping agencies and organizations manage cyber-risks.
The framework is made up of five core functions to identify cyber-risks, protect infrastructure, detect cyber-infiltration, respond to them and recover from them.
The framework also has profiles for organizations to align their activities with requirements, tolerances and resources.
Finally, there are tiers for threat levels, which companies can use to increase or decrease the rigor of their practices.
Organizations and agencies are encouraged to voluntarily adopt the framework.
“The framework is a flexible, highly adaptable document, and its adoption will be market driven,” Michael Daniel, cybersecurity coordinator at the White House, said in a statement. “As a nation, we need to improve cyber-protections across the broadest set of stakeholders possible to achieve the collective benefit of security for all.”
NIST and the Department of Homeland Security are asking for feedback from organizations on the framework.