CIOs Ignore the NIST Cybersecurity Framework at Their Own Peril

On December 5, 2014, the National Institute of Standards and Technology (NIST, part of the Commerce Department) issued an update to its “Framework for Improving Critical Infrastructure Cybersecurity.” Since its issuance earlier this year, there seems to be a growing consensus that the Framework is fast becoming the de facto standard for private sector cybersecurity as viewed by regulators and U.S. lawyers. The Dec. 5 update was a progress report on implementation of the Framework in the United States and indicated that NIST intends to continue to collaborate with stakeholders to drive its adoption.

READ: CIOs Ignore the NIST Cybersecurity Framework at Their Own Peril