NIST Cybersecurity Framework – latest draft (read as html)

From NIST:


Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President under the Executive Order “Improving Critical Infrastructure Cybersecurity” has directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure. The Framework will consist of standards, guidelines, and best practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the framework will help owners and operators of critical infrastructure to manage cybersecurity-related risk while protecting business confidentiality, individual privacy and civil liberties.

Discussion Draft of the Preliminary Cybersecurity Framework

A Discussion Draft of the Preliminary Cybersecurity Framework for improving critical infrastructure cybersecurity is now available for review. This draft is provided by the National Institute of Standards and Technology (NIST) in advance of the Fourth Cybersecurity Framework workshop on September 11-13, 2013, at the University of Texas at Dallas. In addition, NIST is providing a draft Executive Overview and Illustrative Examples for review.

Participants are asked to review these discussion draft materials in advance of the workshop. The workshop is designed to allow participants to offer substantive input on these versions, as well as on related topics — including implementation and governance of the Framework.

Comments from the public also can be provided via email to cyberframework

Discussion Draft – Preliminary Cybersecurity Framework, August 28, 2013

Discussion Draft – Executive Overview, August, 28, 2013

Discussion Draft – Illustrative Examples, August 28, 2013