Earlier today, the White House cybersecurity office and National Institute of Standards and Technology (NIST) rolled out the first version of the NIST Cybersecurity Framework. Congratulations to all in the public and private sector who worked so hard to get to this important milestone. The high level government and widespread private sector involvement in this work is a clear indication that cybersecurity remains a central challenge for businesses and governments alike.
Today’s rollout is just the beginning. NIST ran an exhaustive, open, process, with hundreds of comments, five public workshops around the country, and thousands of participants. More work will surely be needed going forward. As NIST says, the Framework will be an iterative process, and this is a dynamic area where threats and challenges change on a near-daily basis.
The result achieves the goals of most of the participants: a Framework that sets a common risk management language, is voluntary, flexible, based on existing best practices, recognizes the importance of innovation, and has global applicability. This approach sets an important precedent globally. It also demonstrates the value of public-private partnerships which are the basis for future action in this important area.
Cisco looks forward to continuing to work with those who participated in this process, as well as other stakeholders, to build on and incorporate lessons learned into future versions of the Framework.