Sen. Tom Carper (D-Del.), the chairman of the Senate Homeland Security and Governmental Affairs Committee, said the NIST cybersecurity framework released on Wednesday by the Obama administration is a “much needed roadmap” for improving U.S. cybersecurity.
President Obama issued an executive order directing the National Institute of Standards and Technology to work with industry stakeholders to develop a framework for reducing cyber risks to U.S. infrastructure.
“Thanks to these efforts, companies now have a common but flexible path forward to better secure their systems and also a meaningful way to measure their progress,” Carper said. “We must now focus like a laser on ensuring widespread implementation of the framework in order to effectively protect our national and economic security.”
The framework has three parts: the core, implementation tiers and profiles. The core is a set of desired outcomes and activities common across critical infrastructure sectors, consisting of the identify, protect, detect, respond and recover functions.
Implementation tiers provide context on how an entity views cybersecurity risk and the processes it has in place to manage that risk. A framework profile represents outcomes based on business needs, and is characterized as the alignment of standards and practices to the core in an implementation scenario.
“Although the release of this framework is an important step in our ongoing efforts to improve cybersecurity, I still believe that legislation is necessary to address this ever growing threat,” Carper said. “I will continue to work with my colleagues on this important issue to ensure that Congress steps up to the plate and does its job to help protect our nation’s critical systems.”