U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Framework for Improving Critical Infrastructure Cybersecurity

NCJ Number
Date Published
February 2014
41 pages
In compliance with the President's Executive Order 13636, "Improving Critical Infrastructure Cybersecurity" (February 12, 2013), the Federal Government and the private sector have collaborated in creating a voluntary risk-based Cybersecurity Framework that uses a common language in addressing and managing cybersecurity risk based on business needs and without placing additional regulatory requirements on businesses.
The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across critical infrastructure sectors. They provide detailed guidance for developing individual organizational Profiles. Through the use of the Profiles, the Framework will assist the organization to align its cybersecurity activities with its business requirements, risk tolerances, and resources. The Tiers provide a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk. The Executive Order also requires that the Framework include a methodology for protecting individual privacy and civil liberties when critical infrastructure organizations conduct cybersecurity activities. The Framework can assist organizations in incorporating privacy and civil liberties as part of a comprehensive cybersecurity program. The Framework enables organizations - regardless of size, degree of cybersecurity risk, or cybersecurity sophistication - to apply the principles and best practices of risk management in order to improve the security and resilience of critical infrastructure. In addition, because it references globally recognized standards for cybersecurity, the Framework can also be used by organizations located outside the United States, serving as a model for international cooperation in strengthening critical infrastructure cybersecurity. 2 tables, 2 figures, and appended Framework Core