Treasury Notes

Treasury Applauds Launch of Cybersecurity Framework

By: Cyrus Amir-Mokri

With the release of NIST’s Cybersecurity Framework, the Administration has taken an important step in securing our nation’s critical infrastructure. The Framework enables firms of all sizes to use benchmarks to guide cybersecurity activities and consider cyber risks as part of the organization’s overall risk management processes. Over the past year, Treasury, as the sector-specific agency for the financial services sector, has worked closely with the industry, independent financial regulators, and other government partners to provide input and shape the Framework.

The Cybersecurity Framework is a risk-based approach to managing cybersecurity. It consists of methods by which firms might evaluate their risk profile, standards and best practices that they might employ to strengthen cybersecurity, and criteria for firms to judge their application of those standards. For larger firms with already robust cyber risk management, this Framework can serve to highlight specific best practices and standards that might be used. These organizations may also use the Framework to evaluate the cybersecurity of clients and customers. Smaller institutions may use the Framework to better understand their risk profile and establish protocols for ensuring proper controls are in place to meet that profile.

With the release of the Framework, this week also marks the one-year anniversary of the President’s Executive Order 13636 “Improving Critical Infrastructure Cybersecurity.” Through the implementation of this Order, Treasury has sought ways to increase its engagement with the sector on issues related to cybersecurity. This has involved an elevation of the importance of these matters at the most senior levels of the public and private sectors, an increase in information sharing between institutions of all sizes, and a greater integration of operations between our government partners.

Despite the notable progress we have made over the past year, much work remains. Comprehensive cybersecurity legislation, with the appropriate privacy and liability protections, is necessary to allow for more beneficial information sharing. Through greater collaboration between the public and private sectors, we can maintain vigilance in the face of an ever-evolving cyber-threat.

Cyrus Amir-Mokri is the Assistant Secretary for Financial Institutions at the United States Department of the Treasury.
Posted in: Cybersecurity