|(From Cover of National Infrastructure Protection Plan - http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf)|
- include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks.
- shall incorporate voluntary consensus standards and industry best practices to the fullest extent possible.
- shall be consistent with voluntary international standards when such international standards will advance the objectives of this order.
- shall provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk.
- shall focus on identifying cross-sector security standards and guidelines applicable to critical infrastructure.
- will also identify areas for improvement that should be addressed through future collaboration with particular sectors and
- should provide guidance that is technology neutral and enables critical infrastructure sectors to benefit from a competitive market for products and services that meet the standards, methodologies, procedures and processes developed to address cyber risks.
- shall include guidance for measuring the performance of an entity in implementing the Cybersecurity Framework.
- Describe their current cybersecurity posture (and a semblance of maturity level)
- Describe their target state for cybersecurity
- Identify and prioritize opportunities for cybersecurity improvement within the context of risk management
- Assess progress toward the target state, and
- Foster communications among internal and external stakeholders.