The NIST Cybersecurity Framework, which was drafted by the Commerce Department’s National Institute of Standards and Technology (NIST), comprises leading practices from various standards bodies that have proved to be successful when implemented. Compliance can also deliver regulatory and legal advantages that extend well beyond improved cybersecurity for organizations that adopt it.
While the Cybersecurity Framework targets organizations that own or operate critical infrastructure, adoption may prove advantageous for businesses across virtually all industries.
For most organizations, whether they are owners, operators, or suppliers for critical infrastructure, the NIST Cybersecurity Framework may be well worth adopting solely for its stated goal of improving risk-based security. But it also can deliver ancillary benefits that include effective collaboration and communication of security posture with executives and industry organizations, as well as potential future improvements in legal exposure and even assistance with regulatory compliance.
TBG Security consultants have been helping customers comply with State and Federal business and privacy regulations for more than a decade.
Working either as a full-service consultant or as an adjunct to your in-house teams, TBG Security will execute our phased compliance readiness process to ensure that your business meets or exceeds its compliance requirements.
Regulation type: Framework
Governing body: National Institute of Standards and Technology
Purpose: The Framework provides an assessment mechanism that enables organizations to determine their current cybersecurity capabilities, set individual goals for a target state, and establish a plan for improving and maintaining cybersecurity programs.
The Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.
Who must comply:
Compliance is voluntary.