NIST Drafts Critical Infrastructure Security Standards

Anthony Brino | Government Health IT | July 3, 2013

The National Institute of Standards and Technology (NIST) is circulating a draft of voluntary standards it’s developing for critical infrastrastructure IT security.

The framework, when fully developed, will outline security functions and standards based on a risk-management approach in five areas, summed up by the adage “Know, Prevent, Detect, Respond, Recover.”

In large part the framework is geared toward helping organizational IT leaders understand how well they can prevent a cyber attack or find, stop and recover from one.

In February, President Barack Obama signed an executive order directing NIST, under the Department of Commerce, to develop a framework that would let critical infrastructure organizations use common IT security standards [...].