National Institute of Standards and Technology: Difference between revisions
Christiane (talk | contribs) m Christiane moved page NIST to National Institute of Standards and Technology: Standardize |
(5 intermediate revisions by one other user not shown) | |||
Line 61: | Line 61: | ||
::* [[ZIMPERIUM]] | ::* [[ZIMPERIUM]] | ||
<br/> | <br/> | ||
''NCCoE Projects'':<br/> | ''NCCoE Projects'':<ref>[https://www.nccoe.nist.gov/projects/building-blocks Building Blocks, NCCoE]</ref><br/> | ||
{| class="wikitable; "border="0" | {| class="wikitable; "border="0" | ||
| * [[5G Security]] || * [[Patching the Enterprise]] | | * [[5G Security]] || * [[Patching the Enterprise]] | ||
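Review bot: the table opener directly under the changed ''NCCoE Projects'' line, `{| class="wikitable; "border="0"`, is carried over into the new revision with a misplaced quote and a stray semicolon inside the class value. Since this revision already touches the line above it, correct the opener to `{| class="wikitable" border="0"` in the same edit. The added `<ref>` to the NCCoE Building Blocks page sits before the `<br/>` and needs no change.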
Line 93: | Line 93: | ||
* reduces the complexity of the IT infrastructure; and | * reduces the complexity of the IT infrastructure; and | ||
* provides methods to identify, prioritize and focus resources based on risk/value analysis.<ref>[https://csrc.nist.gov/CSRC/media/Publications/Shared/documents/itl-bulletin/itlbul2019-02.pdf RMF 2.0 Bulletin pg. 4]</ref> | * provides methods to identify, prioritize and focus resources based on risk/value analysis.<ref>[https://csrc.nist.gov/CSRC/media/Publications/Shared/documents/itl-bulletin/itlbul2019-02.pdf RMF 2.0 Bulletin pg. 4]</ref> | ||
===SP 800-171=== | |||
==Cybersecurity Framework== | ==Cybersecurity Framework== | ||
===Version 1.0=== | ===Version 1.0=== | ||
====History==== | ====History==== | ||
In February 2013, recognizing the national and economic security of the United States depends on the reliable function of critical infrastructure, President [[Barak Obama]] issued Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," ordering NIST to work with stakeholders to develop a voluntary framework based on existing standards, guidelines, and practices for reducing cyber-risks to [[Critical Infrastructure]]. On December 18, 2014, the Cybersecurity Enhancement Act of 2014 (CEA) authorized the Department of Commerce, through NIST, to develop voluntary standards to reduce cyber-risks to critical infrastructure.<ref>[https://itlaw.wikia.org/wiki/Cybersecurity_Enhancement_Act_of_2014 CEA, IT Law Wiki]</ref> The law also ordered the Office of Science and Technology Policy to develop a federal cybersecurity research and development plan. Section 502 required the Director of NIST to ensure interagency coordination toward the development of international technical standards for IT security and transmit to Congress a plan. | In February 2013, recognizing the national and economic security of the United States depends on the reliable function of critical infrastructure, President [[Barak Obama]] issued Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," ordering NIST to work with stakeholders to develop a voluntary framework based on existing standards, guidelines, and practices for reducing cyber-risks to [[CISA#Critical Infrastructure|Critical Infrastructure]]. On December 18, 2014, the Cybersecurity Enhancement Act of 2014 (CEA) authorized the Department of Commerce, through NIST, to develop voluntary standards to reduce cyber-risks to critical infrastructure.<ref>[https://itlaw.wikia.org/wiki/Cybersecurity_Enhancement_Act_of_2014 CEA, IT Law Wiki]</ref> The law also ordered the Office of Science and Technology Policy to develop a federal cybersecurity research and development plan. 
Section 502 required the Director of NIST to ensure interagency coordination toward the development of international technical standards for IT security and transmit to Congress a plan. | ||
=====Framework Development===== | =====Framework Development===== | ||
February 26, 2013: RFI to Develop a Framework to Improve Critical Infrastructure Cybersecurity - February 12, 2014: Framework 1.0 Publication. | February 26, 2013: RFI to Develop a Framework to Improve Critical Infrastructure Cybersecurity - February 12, 2014: Framework 1.0 Publication. |
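Review bot: the `===SP 800-171===` heading added on the right has no text under it and is followed immediately by `==Cybersecurity Framework==`, so the page gains an empty section. Either add at least a one-sentence summary with a reference, or hold the heading back until the content is ready. In the same hunk the History paragraph is rewritten to pipe the link as `[[CISA#Critical Infrastructure|Critical Infrastructure]]` but still carries `[[Barak Obama]]` over from the old revision. The usual spelling is Barack, so check that link target while the paragraph is being edited.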