Research & Development World

  • R&D World Home
  • Topics
    • Aerospace
    • Automotive
    • Biotech
    • Careers
    • Chemistry
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Software
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
    • Semiconductors
  • R&D Market Pulse
  • R&D 100
    • Call for Nominations: The 2025 R&D 100 Awards
    • R&D 100 Awards Event
    • R&D 100 Submissions
    • Winner Archive
    • Explore the 2024 R&D 100 award winners and finalists
  • Resources
    • Research Reports
    • Digital Issues
    • R&D Index
    • Subscribe
    • Video
    • Webinars
  • Global Funding Forecast
  • Top Labs
  • Advertise
  • SUBSCRIBE

Cybersecurity Rosetta Stone Celebrates Two Years of Success

By R&D Editors | February 19, 2016

The Cybersecurity Framework is now used by 30 percent of U.S. organizations, according to the information technology research company Gartner, and that number is projected to reach 50 percent by 2020. Courtesy of NIST/Natasha HanacekTwo years ago this month, the National Institute of Standards and Technology (NIST) released a document designed to help strengthen cybersecurity at organizations that manage critical national infrastructure, such as banking and the energy supply. Produced after a year of intensive collaboration with industry, the Cybersecurity Framework is now a tool used by a wide variety of public and private companies and organizations, from retail chains to state governments.

Executive Order 13636 called for NIST to work with stakeholders to develop a voluntary framework based on existing cybersecurity standards, guidelines and practices to reduce risks to the nation’s critical infrastructure. Through an intense schedule of meetings across the country, NIST convened organizations large and small and from a variety of industries to shape the framework in just a year. 

As soon as the framework was published, the NIST team began traveling throughout the U.S. and internationally to share how it can help organizations manage their cyber risk. The framework is now used by 30 percent of U.S. organizations, according to the information technology research company Gartner, and that number is projected to reach 50 percent by 2020.  

These users include critical infrastructure giants Bank of America, U.S. Bank and Pacific Gas & Electric, as well as Intel, Apple, AIG, QVC, Walgreen’s and Kaiser Permanente. Universities and other organizations also rely on its guidance. In addition to private organizations in other countries, other governments, such as Italy, are using it as the foundation for their national cybersecurity guidelines.  

The framework operates as a “Rosetta Stone” that helps translate sector-specific risk management jargon and “creates a common understanding amongst the sectors around various risk management terms and phrases,” according to a report by the Financial Services Sector Coordinating Council (FSSCC).  

The FSSCC report also observed that “[C]hief Information Security Officers have been using it to communicate ideas and achieve ‘buy-in’ for various cybersecurity initiatives. Externally, institutions are using it to communicate expectations and requirements to non-sector vendors and third parties.” 

The framework is a risk-based approach to managing cybersecurity, and its foundation relies on more than a decade of NIST guidance in cybersecurity and on international standards. The framework’s core ideas — identify, protect, detect, respond and recover — help users evaluate their cyber risk and develop plans to manage it. It can guide them as they determine the cyber controls they choose, with consideration of any regulation or standards that may apply to their particular industry sector.  

The document is also “a merger of business sense and cyber-logic,” said Matt Barrett, NIST’s program manager for the Cybersecurity Framework. When all top management understands risk, cybersecurity is factored appropriately into business decisions, he said. “It allows organizations to choose controls and processes that work for their particular risk levels and mission or business needs.” 

Users and cybersecurity-related organizations are helping promote the framework through their own publications and educational efforts. 

Intel, one of the companies that collaborated on the document’s development, published a use case describing its pilot project to test the framework. ISACA, a global nonprofit association of information system professionals, participated in the framework process and now offers a course and related professional certification.  

NIST recently issued a request for information (RFI) from users on issues including how to share best practices, how to use the framework to improve cybersecurity risk management, and how to manage long-term governance of the document. The deadline for responses has been extended through 5 p.m. E.T. Feb. 23, 2016. 

Feedback gathered from the RFI will assist in developing the agenda for a workshop on the framework planned for April 6-7, 2016, at the NIST Gaithersburg, Md., campus.

Related Articles Read More >

R&D 100 winner of the day: Electromagnetic spectrum management system (ESMS)
Claude computer use
AI agents could begin transforming how we work in 2025
refinery
AI takes center stage in Honeywell-Chevron collaboration
Firefly blurred lines between a human and machine researcher 72875
Copyleaks CEO: OpenAI’s o1 emergence could blur the lines between human researcher and AI assistant
rd newsletter
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest info on technologies, trends, and strategies in Research & Development.
RD 25 Power Index

R&D World Digital Issues

Fall 2024 issue

Browse the most current issue of R&D World and back issues in an easy to use high quality format. Clip, share and download with the leading R&D magazine today.

Research & Development World
  • Subscribe to R&D World Magazine
  • Enews Sign Up
  • Contact Us
  • About Us
  • Drug Discovery & Development
  • Pharmaceutical Processing
  • Global Funding Forecast

Copyright © 2025 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search R&D World

  • R&D World Home
  • Topics
    • Aerospace
    • Automotive
    • Biotech
    • Careers
    • Chemistry
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Software
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
    • Semiconductors
  • R&D Market Pulse
  • R&D 100
    • Call for Nominations: The 2025 R&D 100 Awards
    • R&D 100 Awards Event
    • R&D 100 Submissions
    • Winner Archive
    • Explore the 2024 R&D 100 award winners and finalists
  • Resources
    • Research Reports
    • Digital Issues
    • R&D Index
    • Subscribe
    • Video
    • Webinars
  • Global Funding Forecast
  • Top Labs
  • Advertise
  • SUBSCRIBE