DRAFT Outline – Preliminary Framework to Reduce Cyber Risks to Critical Infrastructure, National Institute of Standards and Technology, July 1, 2013.
“The national and economic security of the United States depends on the reliable functioning of critical infrastructure. President Obama issued an Executive Order on February 12, 2013, to strengthen that infrastructure against cybersecurity threats. In this order, the President directed the U.S. Commerce Department’s National Institute of Standards and Technology (NIST) to lead coordination of a voluntary Cybersecurity Framework that would reduce cyber security risks to critical infrastructures, relying on private sector input and existing standards, guidelines, and practices. The purpose of this document is to define the overall Framework and provide guidance on its usage. The primary audiences for the document and intended users of the Framework are critical infrastructure owners and operators and their partners. However, it is expected that many organizations facing cybersecurity challengesmay benefit from adopting the Framework. The Framework is being designed to be relevant for organizations ofnearly every size and composition. This Framework is intended to be used throughout an entire organization –
from the senior executives who oversee an organization to the officials and staff responsible for managing critical infrastructure systems and information technology resources.”