Critical Infrastructure Protection: Additional Actions Are Essential for Assessing Cybersecurity Framework Adoption

The nation’s critical infrastructure includes the public and private systems and assets vital to national security, economic stability, and public health and safety. Federal policy identifies 16 critical infrastructure sectors, including the financial services, energy, transportation, and communications sectors. To better address cyber-related risks to critical infrastructure, in 2014, the National Institute of Standards and Technology (NIST) developed, as called for by federal law and policy, the Framework for Improving Critical Infrastructure Cybersecurity, a voluntary framework of cybersecurity standards and procedures for industry to adopt. The Cybersecurity Enhancement Act of 2014 included provisions for the U.S. Government Accountability Office (GAO) to review aspects of the cybersecurity standards and procedures in the framework developed by NIST. GAO’s objective was to assess what is known about the extent to which critical infrastructure sectors have adopted the framework. To do so, GAO analyzed documentation, such as sector-specific guidance and tools to facilitate implementation, and interviewed relevant federal and nonfederal officials from the 16 critical infrastructure sectors. GAO is making nine recommendations that methods be developed for determining framework adoption by the sector-specific agencies across their respective sectors, in consultation with their respective sector partner(s), such as the sector coordinating councils, the Department of Homeland Security, and NIST, as appropriate. Five agencies agreed with the recommendations, while four others neither agreed nor disagreed.


  • English

Media Info

  • Media Type: Digital/other
  • Features: Appendices; Figures; References; Tables;
  • Pagination: 51p

Subject/Index Terms

Filing Info

  • Accession Number: 01663122
  • Record Type: Publication
  • Report/Paper Numbers: GAO-18-211
  • Files: TRIS
  • Created Date: Feb 15 2018 4:10PM