Changes

::* [[ZIMPERIUM]]

::* [[ZIMPERIUM]]

<br/>

<br/>

''NCCoE Projects'':<br/>

''NCCoE Projects'':<ref>[https://www.nccoe.nist.gov/projects/building-blocks Building Blocks, NCCoE]</ref><br/>

{| class="wikitable; "border="0"  

{| class="wikitable; "border="0"  

| * [[5G Security]] || * [[Patching the Enterprise]]

| * [[5G Security]] || * [[Patching the Enterprise]]

* reduces the complexity of the IT infrastructure; and

* reduces the complexity of the IT infrastructure; and

* provides methods to identify, prioritize and focus resources based on risk/value analysis.<ref>[https://csrc.nist.gov/CSRC/media/Publications/Shared/documents/itl-bulletin/itlbul2019-02.pdf RMF 2.0 Bulletin pg. 4]</ref>

* provides methods to identify, prioritize and focus resources based on risk/value analysis.<ref>[https://csrc.nist.gov/CSRC/media/Publications/Shared/documents/itl-bulletin/itlbul2019-02.pdf RMF 2.0 Bulletin pg. 4]</ref>

==Cybersecurity Framework==

==Cybersecurity Framework==

===Version 1.0===

===Version 1.0===

====History====

====History====

In February 2013, recognizing the national and economic security of the United States depends on the reliable function of critical infrastructure, President [[Barak Obama]] issued Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," ordering NIST to work with stakeholders to develop a voluntary framework based on existing standards, guidelines, and practices for reducing cyber-risks to [[Critical Infrastructure]]. On December 18, 2014, the Cybersecurity Enhancement Act of 2014 (CEA) authorized the Department of Commerce, through NIST, to develop voluntary standards to reduce cyber-risks to critical infrastructure.<ref>[https://itlaw.wikia.org/wiki/Cybersecurity_Enhancement_Act_of_2014 CEA, IT Law Wiki]</ref> The law also ordered the Office of Science and Technology Policy to develop a federal cybersecurity research and development plan. Section 502 required the Director of NIST to ensure interagency coordination toward the development of international technical standards for IT security and transmit to Congress a plan.  

In February 2013, recognizing the national and economic security of the United States depends on the reliable function of critical infrastructure, President [[Barak Obama]] issued Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," ordering NIST to work with stakeholders to develop a voluntary framework based on existing standards, guidelines, and practices for reducing cyber-risks to [[CISA#Critical Infrastructure|Critical Infrastructure]]. On December 18, 2014, the Cybersecurity Enhancement Act of 2014 (CEA) authorized the Department of Commerce, through NIST, to develop voluntary standards to reduce cyber-risks to critical infrastructure.<ref>[https://itlaw.wikia.org/wiki/Cybersecurity_Enhancement_Act_of_2014 CEA, IT Law Wiki]</ref> The law also ordered the Office of Science and Technology Policy to develop a federal cybersecurity research and development plan. Section 502 required the Director of NIST to ensure interagency coordination toward the development of international technical standards for IT security and transmit to Congress a plan.  

=====Framework Development=====

=====Framework Development=====

February 26, 2013: RFI to Develop a Framework to Improve Critical Infrastructure Cybersecurity - February 12, 2014: Framework 1.0 Publication.  

February 26, 2013: RFI to Develop a Framework to Improve Critical Infrastructure Cybersecurity - February 12, 2014: Framework 1.0 Publication.