How NIST Framework Fosters CollaborationFramework Leader Also Address How Insurers, Lawyers Use the Guidance
One of the core values of the cybersecurity framework, published by the National Institute of Standards and Technology two years ago, is to facilitate communication among various stakeholders coming from different technical and managerial backgrounds who must collaborate to build secure IT systems, says Matt Barrett, the NIST official overseeing the guidance.
The goal, he says in an interview with Information Security Media Group, is to "drive a heartier dialogue ... where we truly understand what each other is saying with regards to cybersecurity" by referring to an easy-to-understand framework.
Responding to an executive order, issued by President Obama in February 2013, NIST a year later published the cybersecurity framework, based on existing standards, guidelines and practices. The tool, use of which is voluntary, is designed to help reduce cyber risks to the information systems of critical infrastructure providers.
In the second of a two-part interview (click on player beneath image to listen), Barrett also discusses:
- How the insurance industry is using the framework to support underwriting decisions; and
- How the legal profession is using the framework to identify best practices.
Before returning to NIST in October 2014 as the framework's program manager, Barrett served as president of G2 Inc., a cyber and intelligence solutions firm. From January 2007 to July 2009, Barrett was NIST program manager for the security content automation protocol, commonly known as SCAP.
In part one of the interview, Barrett discusses NIST's plans to update the framework in late 2017.