Additional Actions Are Essential for Assessing Cybersecurity Framework Adoption
This publication and the abstract below was published by GAO on February 2018. ICIT strongly encourages you to visit the GAO Publications Library to search for additional information security resources which are freely available.
What GAO Found: Additional Actions Are Essential for Assessing Cybersecurity Framework Adoption
Most of the 16 critical infrastructure sectors took action to facilitate adoption of the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity by entities within their sectors. Federal policy directs nine federal lead agencies—referred to as sector-specific agencies (SSA)—in consultation with the Department of Homeland Security and other agencies, to review the cybersecurity framework and, if necessary, develop implementation guidance or supplemental materials to address sector-specific
risks and operating environments.
In response, guidance for 12 of the 16 sectors for implementing the cybersecurity framework was developed. In addition, nonfederal led sector coordinating councils took additional steps to facilitate framework adoption. For example, 3 sectors that developed implementation guidance encouraged the alignment of the framework with existing cybersecurity guidelines used within their respective