Federal Employees Overwhelmingly Support NIST CSF Mandate

A survey of US federal employees and contractors has found wide-ranging support for a universal cyber-language, as mandated in the recent executive order, with 95% approval for the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as a common set of standards used across US government and industry.

The Telos 2017 Public Sector Cyber Risk Management Report, based on a survey with 257 respondents captured at the Amazon Web Services (AWS) Public Sector Summit in June, found that overall, 88% of respondents said that the NIST CSF “effectively helps organizations manage risk.”

The CSF was developed with industry in a collaborative and open process, as directed by President Obama in Executive Order 13636 in 2013. Since then, it has seen mainstream levels of adoption in the private sector, and the Trump Administration inserted its use into an executive order issued in May. That EO mandates that the entire apparatus of the federal government move to a shared, consolidated network architecture and IT infrastructure, including email and cloud services—and as a first step, each federal department must implement the CSF.

In the survey, 95% said that organizations would benefit from implementing the CSF, and 83% favor the mandate for its use across all US government agencies.

“The NIST CSF provides a roadmap for federal agencies and organizations to develop a robust cyber-risk management plan that can evolve as quickly as threats do,” said Richard Tracy, CSO at Telos. “The level of support for the NIST CSF shows that federal agencies and contractors are keenly aware that managing cyber-risk is a critical issue at every level of an organization.”

Respondents overwhelmingly indicated support for risk management initiatives, with 89% of them saying they regard cyber-risk management as “critically important” to their ability to achieve the goals and mission of their organization.

That’s not to say there aren’t concerns. For instance, the survey revealed worries related to compliance in the cloud. In particular, two potential barriers to adoption of frameworks bubbled up—46% said their biggest cloud compliance challenge is time, while 45% said compliance is too complex.

“Respondents made it clear that compliance challenges remain on their minds as they shift to cloud and begin or continue the implementation of the NIST CSF,” said Tracy. “However, I look at these challenges as an opportunity for organizations to streamline the compliance process through automation to allow a more efficient and strategic way to embrace standards.”

