Gaithersburg, MD, U.S.A. --- (METERING.COM) --- July 18, 2013 - Working under an executive order to develop a voluntary cybersecurity framework the U.S. National Institute of Standards and Technology (NIST) earlier this month released a draft framework outline for reducing cyber risks to the nation’s critical infrastructure, including smart grid.
The Framework’s core structure comprises five major cybersecurity functions and their categories and subcategories, etc., and three implementation levels associated with an organization’s cybersecurity functions and how well that organization implements the framework.
These five functions are:
- Know – Gaining the institutional understanding to identify what systems need to be protected, assess priorities, and manage processes to achieve risk management goals
- Prevent – Categories of management, technical, and operational activities that enable the organization to decide on the appropriate actions to ensure adequate protection against threats to business systems that support critical infrastructure components
- Detect – Activities that identify the presence of undesirable cyber risk events, and the processes to assess the potential impact of those events
- Respond – Specific risk management decisions and activities enacted based upon previously implemented planning (from the Prevent function) relative to estimated impact
- Recover – Categories of management, technical, and operational activities that restore services that have previously been impaired through an undesirable cybersecurity risk event.
The three implementation levels represent the extent and degree to which an organization has implemented the five functions, and in essence represents that organization’s maturity level.
The draft outline is based on input from stakeholder organizations.
The draft comprises:
- A draft outline defining the overall framework and providing guidance on its usage
- A draft core framework outlining the core structure with its five functions
- A draft compendium of 250 references, including standards, guidelines and best practices.
NIST anticipates releasing a preliminary draft framework for public comment in October.