White House Releases Final Cybersecurity Framework, Providing Guidance on Managing Cyber Risk

On February 12, 2014, the White House released the final version of the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST). The Framework, which was required under the executive order President Obama issued last February after Congress failed to pass cybersecurity legislation, consists of information security standards, guidelines, and best practices to promote the protection of critical infrastructure. In large part, the final Framework tracks the preliminary Framework NIST released for comment last fall, with one notable exception: the draft Framework contained a separate appendix devoted to data privacy and security that has been removed in the final Framework. Although the Framework itself is voluntary, the standards articulated in the Framework could become mandatory for some owners and operators of critical infrastructure and may also impact a number of other industries.