In late 2015, the Government Accountability Office (GAO) released a report reviewing aspects of the cybersecurity standards and procedures developed by the National Institute of Standards and Technology (NIST) to protect U.S. critical infrastructure. The report follows up on the Cybersecurity Enhancement Act of 2014 and determines the extent to which NIST facilitated the development of voluntary cybersecurity standards and procedures. The report also notes which federal agencies promoted these standards and procedures.
During its review, GAO surveyed stakeholders from the public and private sectors who collaborated with NIST in establishing its Framework for Improving Critical Infrastructure Cybersecurity, which provides a flexible and risk-based approach for entities within the nation’s critical infrastructure sectors to protect themselves from cyber-based threats. However, GAO found that not all sector-specific agencies have promoted the framework in their sectors, which may hinder its adoption.
For more information about this report, please follow the link below.
GAO-16-152, Critical Infrastructure Protection: Measures Needed to Assess Agencies’ Promotion of the Cybersecurity Framework