The NIST Framework was created in response to Executive Order 13636, issued on February 12, 2013, by President Obama, to improve the critical infrastructure cybersecurity risk posture of the United States. Executive Order 13636 stated, “[i]t is the Policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties” (Obama, 2013). The term “critical infrastructure” is defined as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters” (Obama, 2013).
To enact this policy, Executive Order 13636 “calls for the development of a voluntary risk-based Cybersecurity Framework – a set of industry standards and best practices to help organizations manage cybersecurity risks” (Obama, 2013). The resulting Framework, “created through collaboration between government and the private sector, uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses” (NIST, 2014; NIST, 2017).
National Institute of Standards and Technology (NIST). (2017). Cybersecurity Framework Shared. Retrieved from https://www.nist.gov/cyberframework
National Institute of Standards and Technology (NIST). (2014, February 12). Framework for Improving Critical Infrastructure Cybersecurity. Retrieved from https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf
Obama, B. (2013, February 12). Executive Order — Improving Critical Infrastructure Cybersecurity | whitehouse.gov. Retrieved from https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity