The National Institute of Standards and Technology (NIST) established in 1972 by the Computer Security Act of 1987 by redesignating the National Bureau of Standards. In 1998 President Bill Clinton issued Presidential Decision Directive 63 which established the United States critical infrastructure program as applicable to computer and information systems. Subsequently, in 2002 the Federal Information Security Management Act (FISMA) replaced the Computer Security Act of 1987 which intended to enhance information security policies in federal offices. In the end, in 2013 President Barrack Obama signed Executive Order 13636 which led NIST publishing the Cybersecurity Framework version 1.0 which is applicable to the US critical infrastructure. Currently,
…show more content…
For example, NIST SP 800-53 deals with the steps of the Risk Management Framework required by the Federal Information Processing Standards (FIPS) 200 (Chang-Gu, 2017). Additionally, ISO 27000 and COBIT frameworks describe how to execute controls and procedures within the information technology domains. Most organizations and federal offices are bound to a specific policy, NIST CSF on the other hand compliments and builds on existing theoretical accounts to strengthen an organization's cybersecurity …show more content…
NIST with the cooperation of various industry leaders created a standardized framework to improve and reduce cybersecurity risks. This led to NIST publishing version 1.0 of the Cybersecurity Framework on February 12, 2014; which commonly known as “NIST CSF”. While NIST CSF references common standards and practices such as ISO 27001, COBIT, NIST SP 800-53, ISA 62443, and the Council on Cybersecurity Critical Security Controls it was never intended to replace or supersede those standards but rather to compliment or enhance existing practices. As of January 10, 2017, NIST and various industry partners under the direction of the Cybersecurity Enhancement Act of 2014 are in the process of coordinating and developing CSF version 1.1 to address and review gaps or weakness and to facilitate its usage (Cybersecurity Framework Draft Version 1.1,
For example, NIST SP 800-53 deals with the steps of the Risk Management Framework required by the Federal Information Processing Standards (FIPS) 200 (Chang-Gu, 2017). Additionally, ISO 27000 and COBIT frameworks describe how to execute controls and procedures within the information technology domains. Most organizations and federal offices are bound to a specific policy, NIST CSF on the other hand compliments and builds on existing theoretical accounts to strengthen an organization's cybersecurity …show more content…
NIST with the cooperation of various industry leaders created a standardized framework to improve and reduce cybersecurity risks. This led to NIST publishing version 1.0 of the Cybersecurity Framework on February 12, 2014; which commonly known as “NIST CSF”. While NIST CSF references common standards and practices such as ISO 27001, COBIT, NIST SP 800-53, ISA 62443, and the Council on Cybersecurity Critical Security Controls it was never intended to replace or supersede those standards but rather to compliment or enhance existing practices. As of January 10, 2017, NIST and various industry partners under the direction of the Cybersecurity Enhancement Act of 2014 are in the process of coordinating and developing CSF version 1.1 to address and review gaps or weakness and to facilitate its usage (Cybersecurity Framework Draft Version 1.1,