Tech

Survey: Agencies love the NIST cybersecurity framework

A wide majority of federal IT security employees surveyed by Dell are using the NIST framework in some fashion. Eighty-two percent told the company they are using sections of the framework within their own cybersecurity programs, with 53 percent saying they use the entire guide.

By Greg Otto

December 7, 2015

Not only has the National Institute of Standards and Technology’s cybersecurity framework raised the awareness of IT security in boardrooms across the country, it’s become a staple inside the government.

Of those who are using the framework, 74 percent say it’s used as a foundation for their cybersecurity roadmap, helping to improve organizational security.

Paul Christman, vice president of federal for Dell Software, said the framework is “just good policy,” no matter what sector is moving to embrace it.

“It applies to everyone,” he told FedScoop. “It applies to schools, universities, hospitals, [the Defense Department], [the Intelligence Community], and civilian agencies. The document doesn’t say ‘This is how the government should protect the government,’ ‘This is how a bank should protect a bank.’ NIST was really trying to say ‘This wasn’t a government program or mandate;’ it’s just good practice.”

Christman said the lack of a mandate actually helped the document gain popularity with agencies.

“I think when people adopt things voluntarily, there is some ownership and accountability there,” he said. “It’s more like ‘We did this, it wasn’t done to us.’”

He also said it helped contractors get on the same page with agencies as they move to modernize their security systems.

“Everyone is now using the same vocabulary,” he said. “We can actually sit down and we produce marketing materials and say ‘Look, the framework is a given.’ That just accelerates things because we understand what they are talking about.”

That positivity echoes what Intel told FedScoop earlier this year when the company talked about its tests with the framework.

“The nice thing about a framework is it’s very flexible,” Kent Landfield, director of standards and technology policy at Intel Security, told FedScoop. “So we were able to make those changes fit nicely into the evaluation process as a whole, and we were able to then pass it on to the folks who were doing the evaluation.”

Details of the survey can be found below:

Survey: Agencies love the NIST cybersecurity framework

More Like This

Federal CIO calls on Congress to fund Technology Modernization Fund

DOJ ‘not aware of any’ identity theft, fraud following consultant’s data breach

Commerce adds five members to AI Safety Institute leadership

Top Stories

State Department encouraging workers to use ChatGPT

GSA administrator: Generative AI tools will be ‘a giant help’ for government services

Congressional panel outlines five guardrails for AI use in House

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

Commerce requests information about AI, open data assets, data dissemination

More Scoops

Department of Commerce announces US, UK AI safety partnership

MITRE launches lab to test federal government AI risks

NSF, NIST appropriations cuts met with disappointment as Biden seeks increases

From research to talent: Five AI takeaways from Biden’s budget

Updated NIST cybersecurity framework adds core function, focuses on supply chain risk management

Bipartisan Senate proposal calls for AI workforce framework from NIST

New legislation would give NIST drone cybersecurity responsibilities

Latest Podcasts

Survey: Agencies love the NIST cybersecurity framework

AI Week 2024 has Come and Gone

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

Tech

Defense

Cyber

Acquisition