Approaches for Federal Agencies to Use Cybersecurity Framework: NIST Publishes NISTIR 8170

Today, NIST has published NISTIR 8170, Approaches for Federal Agencies to Use the Cybersecurity Framework. It provides guidance on how the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) can be used in the U.S. Federal Government in conjunction with the current and planned suite of NIST security and privacy risk management publications. This specific guidance was derived from current Cybersecurity Framework use and implementer feedback. It provides eight example approaches to assist federal agencies as they develop, implement, and continuously improve their cybersecurity risk management programs.

The examples are consistent with OMB Circular A-130, Managing Information as a Strategic Resource, which provides guidance regarding the heavily used NIST Risk Management Framework, associated documents, and the Cybersecurity Framework. The examples also support OMB Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control; use of the Cybersecurity Framework helps to identify, manage, report, and monitor the internal controls needed to properly manage potential information and technology risks to an agency. Draft NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM)-also released today-decomposes and advances concepts discussed in A-130, A-123, NISTIR 8170, and the Risk Management Framework (RMF).

/Public Release. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).View in full here.