This publication and the abstract below was published by FCC in March 2015. ICIT strongly encourages you to visit the FFC Research Reports to search for additional information security resources which are freely available.

WORKING GROUP 4: Final Report

CSRIC IV Working Group 4 (WG4) was given the task of developing voluntary mechanisms that give the Federal Communications Commission (FCC) and the public assurance that communication providers are taking the necessary measures to manage cybersecurity risks across the enterprise. WG4 also was charged with providing implementation guidance to help communication providers use and adapt the voluntary NIST Cybersecurity Framework (hereinafter “NIST CSF”).

Working Group 4 began its work shortly after the Communications Sector3 completed a highly collaborative, multi‐stakeholder process that resulted in the NIST CSF Version 1.04 that was called for in the President’s Executive Order 13636 – Improving Critical Infrastructure Cybersecurity. The sector’s participation in CSRIC WG4 was seen as an opportunity to assume the leadership urged by FCC Chairman Tom Wheeler in a speech delivered to the American Enterprise Institute in June 2014. By building on the cross‐sector NIST CSF and by framing its applicability to five major communications industry segments, the Working Group was able to formulate and commit to several voluntary mechanisms that provide the macro‐level assurances sought by the FCC.  Moreover, these mechanisms, combined with the insights, tools, guidance, and fact‐based analyses developed by over 100 cybersecurity professionals who participated in a year‐long effort to produce this report, validate the advantages of a non‐regulatory approach over a prescriptive and static compliance regime.