The Obama Administration on Wednesday released a Cybersecurity Framework, a set of voluntary federal guidelines intended to help U.S. businesses protect themselves against cyber attacks.
The framework came together after more than a year of collaboration from the private sector and the Department of Commerce’s National Institute of Standards and Technology, NIST. President Obama called for the guidelines as part of an executive order he announced in his 2013 State of the Union address.
"While I believe today’s framework marks a turning point, it’s clear that much more work needs to be done to enhance our cybersecurity," Obama said in a statement. "Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property."
In addition to the Cybersecurity Framework, the Department of Homeland Security has established the Critical Infrastructure Cyber Community (C3, or C-cubed) Voluntary Program. That initiative is intended to connect companies and public sector departments to DHS and other federal government resources to manage cyber risks.
Although some have criticized a voluntary framework as too little, it received immediate support from the National Association of State Chief Information Officers.
"NASCIO applauds the administration for publishing a consensus-based, voluntary Cybersecurity Framework," the organization said in a statement. "Our members hope to continue to collaborate with NIST and the Department of Homeland Security to create a state and local government overlay for the cybersecurity framework that will provide additional specificity by including the federal laws and regulations with which states and localities must comply."