• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

NIST releases final Cybersecurity Framework

February 13, 2014 By Privacy, Cyber & Data Strategy Team

The National Institute of Standards and Technology (“NIST”) has released the final version of the much-anticipated Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). The Framework was developed by NIST at the direction of President Obama’s February 12, 2013, Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” (the “Executive Order”).

The Framework largely retains the structure and components of the preliminary version of the Framework (a discussion of which can be found here), including (i) the Framework Core, (ii) the Framework Implementation Tiers, and (iii) the Framework Profile. The Framework omits Appendix B of that preliminary version, the “Methodology to Protect Privacy and Civil Liberties for a Cybersecurity Program.” The preliminary version’s Appendix B incorporated references to the Fair Information Practice Principles, and became a lightning rod for industry commentators.

Consistent with the Executive Order, the Framework asserts that its use by critical infrastructure is voluntary. Section 10 of the Executive Order may prove otherwise. That section instructs agencies with responsibility for regulating the security of critical infrastructure to perform a gap analysis between the Framework and current cybersecurity regulatory requirements. These agencies have ninety (90) days from the release of the Framework to propose “prioritized, risk-based, efficient, and coordinated actions . . . to mitigate the risk.” This analysis could very well lead to regulatory adoption of the Framework in various industries.

We are working on an article that describes the Framework and its implications in more detail. Stay tuned.

Filed Under: Cyber Risk, Cybersecurity, Data Protection, Data Security, Privacy, Regulation Tagged With: Cybersecurity Executive Order, Department of Commerce (DOC), National Institute for Standards and Technology (NIST), The White House

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • Belgian Supervisory Authority Sanctions News Media Company for Violating Cookie Rules
  • DOJ Issues New Policy on CFAA Prosecutions
  • EDPB Issues Draft Guidelines on the Calculation of Administrative Fines
  • The California Privacy Protection Agency Solicits Public Input on Forthcoming Privacy Regulations
  • U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum
Copyright © 2022 · Alston & Bird · All Rights Reserved. Privacy.