- The National Institute for Standards and Technology (NIST) continues to work with stakeholders to develop a voluntary framework for reducing cyber risks. The framework is being developed explicitly to reduce risks to the critical infrastructure, but can be applied by other organizations to improve their readiness to deal with increasing cybersecurity risks in all industries, including the health sector.
NIST will hold a workshop to discuss the Preliminary Framework—including implementation, governance and privacy and civil liberties—on November 14 and 15, 2013, at North Carolina State University.
NIST has already requested information and held a series of workshops throughout the year, gathering thoughts on practices, standards, and guidelines from over 3,000 participants.
NIST is still searching for input from the health sector, and is seeking insight from those who have operational, managerial, and policy experience and responsibilities for cybersecurity, technology and/or standards development for Critical Infrastructure companies and others in the health care sector dealing with cybersecurity risks.
The Preliminary Framework can be customized and adapted by an array of organizations, including healthcare facilities, while offering consistent steps toward cybersecurity. Users can identify their current and target cybersecurity positions , and prioritize steps to take toward improving risk management and achieving cybersecurity goals.