NEWS ROOM | Press Releases
For immediate release: February 12, 2014
Contact: Shawn Vaughn
NASCIO Supports Adoption of the NIST Cybersecurity Framework
LEXINGTON, Ky., Wednesday, February 12 — NASCIO applauds the Administration for publishing a consensus-based, voluntary Cybersecurity Framework. The Framework provides states with a common platform on which to base strategic security decisions, allocate resources, and build defenses against both common and sophisticated attacks. The Framework provides a common language for all levels of government and their partners in the private sector to perform risk analysis and detail their security efforts.
Today’s release is a critical step in a process the President began a year ago when he signed an Executive Order that brought federal leadership to a major vulnerability in our national security infrastructure. The inclusion of a methodology to protect privacy and personal information is also valuable for states, which are responsible for storing sensitive information on citizens and businesses. This addition is a welcome refinement to the final framework.
Similarly to the private sector, state governments are at risk from a host of diverse and changing security threats that require a formal strategy, adequate resources, and constant vigilance. In response, states are actively working to increase their cyber readiness. Over three-quarters of states have adopted some cybersecurity framework based on national standards and guidelines, with the vast majority utilizing National Institute of Standards and Technology (NIST) standards to some degree.
NASCIO thanks the Administration for the collaborative process that led up to the creation of the cybersecurity framework. Our members hope to continue to collaborate with NIST and the Department of Homeland Security to create a state and local government overlay for the cybersecurity framework that will provide additional specificity by including the federal laws and regulations with which states and localities must comply.
NASCIO will be encouraging states to adopt the framework as a common language in which to build a strategic cybersecurity plan that provides leadership and stakeholders a better understanding of the security stance within state governments.
This is not the end, but the beginning of a process, and both states and our federal partners still have significant work to do in this area. Advancing common security and information sharing, protocols, such as National Information Exchange Model (NIEM), will be important to securing public sector data while still allowing it to flow between various sectors of government. In addition, Congress and the Administration must work to reform the Federal Information Security Management Act of 2002 (FISMA). By streamlining requirements to meet end goals rather than checklists, we can provide greater services to citizens and more secure state data networks.
The National Association of State Chief Information Officers is the premier network and resource for state CIOs and a leading advocate for technology policy at all levels of government. NASCIO represents state chief information officers and information technology executives from the states, territories, and the District of Columbia. The primary state government members are senior officials who have executive level and statewide responsibility for information technology leadership. State officials who are involved in agency level information technology management may participate as state members. Representatives from other public sector and non-profit organizations may also participate as associate members. Private sector firms may join as corporate members and participate in the Corporate Leadership Council. For more information about NASCIO visit www.nascio.org.
AMR Management Services provides NASCIO’s executive staff. For more information about AMR visit www.AMRms.com/.
Director of Government Affairs
National Association of State Chief Information Officers
# # #