In February 2013, the U.S. President issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which directed NIST to work with stakeholders to develop a voluntary Cybersecurity Framework. This was done because federal agencies and critical infrastructures were facing growing security attacks and needed ways to help them better understand, organize, manage and mitigate security risks. The framework also provided a common language for agencies and infrastructure entities to communicate about security and risk management.
NIST defines the purpose of the CSF as “Helping organizations to better understand and improve their management of cybersecurity risk.” The Cybersecurity Framework is designed to help practitioners reduce cyber risks to critical infrastructure; critical infrastructure is defined as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of these matters.”
While it was originally designed specifically for use by the U.S. federal agencies and critical infrastructure systems, many entities in both private and public sectors have adopted the framework as a helpful tool for organizing their security actions and mitigating cybersecurity risks.
Use of the FairWarning solution helps customers either fully or partially fulfill over 75 Control Objectives across 22 categories and all five NIST functions.