This is an introduction to the National Institute of Standards and Technology Cybersecurity Framework, also known as the CSF. This program is designed to provide you an understanding of the NIST Cybersecurity Framework and how to implement it. Before we jump into the CSF, let's continue with some cybersecurity basics. In this course, we focus on NIST roadmap for improving critical infrastructure cybersecurity. The roadmap highlights key areas of improvement for further development, alignment, and collaboration. It provides a description of anticipated future activities related to the framework and offer stakeholders another opportunity to participate actively in the continuing framework development process. While the plan is focused on the CSF, the results of the work described in this roadmap are expected to be useful to a much broader audience to improve cybersecurity risk management in much the same way that the CSF itself is useful to many sectors and organizations that are not strictly defined as part of the critical infrastructure. The roadmap, also known as NIST roadmap for improving critical infrastructure cybersecurity identifies key areas of development, alignment, and collaboration, as well as provides a description of activities related to the cybersecurity framework. The roadmap items are generally topics that are meaningful to critical infrastructure cybersecurity risk management focused on areas of both the private sector and the federal government, as well as related to the framework but managed as a separate effort. The cybersecurity framework is a living document and will continue to be updated and improved with the improvement and feedback from industry, government, and academia. Because of the continuous advancements in technology and the evolving cybersecurity landscape, the roadmap will continue to highlight areas of development relevant to the framework itself. Through private and public sector efforts, some areas of improvement have advanced enough to be included in the framework Version 1.1, which is the current version. For example, topics previously addressed by the roadmap like authentication and supply chain risk management have been researched, developed, and incorporated into the current version of the CSF. Some new topics being researched and included in the current version of the roadmap include cyberattack life cycles, measuring cybersecurity referencing techniques, small business awareness and resources, and government and enterprise risk management. On this screen, I've listed some key CSF Cybersecurity Framework attributes. Most importantly, remember that the cybersecurity framework is a framework not a prescriptive standard. The CSF provides a common language and synthetic methodology for managing cyber risk. It's meant to be adaptive, does not tell an organization how much cyber risk is tolerable nor provide the one and only formula for cybersecurity. It enables best practices to become standard practices for everyone via a common lexicon to enable actions across diverse stakeholders. Remember, it's a voluntary framework, except for federal agencies where it's now mandated by Executive Order 13800. It's a living document and it's intended to be updated as stakeholders learn from implementations and as technology and risks change, that's one reason why the framework focuses on questions in organization needs to ask itself to manage its risk. While practices, technologies, and standards will change over time, the principals will not. In summary, in this course, we've discussed the NIST roadmap and its versatility, as well as some of the key attributes.
