Emergency Services Sector Cybersecurity Framework Implementation Guidance
The National Institute of Standards and Technology (NIST) released the voluntary Framework for Improving Critical Infrastructure Cybersecurity (Framework) in February 2014 to provide a common language that critical infrastructure organizations can use to assess and manage their cybersecurity risk. The Framework enables an organization—regardless of its sector, size, degree of risk, or cybersecurity sophistication—to apply the principles and effective practices of cyber risk management to improve the security and resilience of its critical infrastructure.
The Cybersecurity and Infrastructure Security Agency (CISA), as the Sector Risk Management Agency (SRMA) for the Emergency Services Sector (ESS), worked with the Emergency Services Sector Coordinating Council (SCC) and Government Coordinating Council (GCC) to develop the Emergency Services Sector Cybersecurity Framework Implementation Guidance specifically for ESS organizations. This Implementation Guidance provides Emergency Services Sector organizations with:
- Background on the Framework terminology, concepts, and benefits of its use.
- A mapping of existing cybersecurity tools and resources used in the Emergency Services Sector that can support Framework implementation.
- Detailed Framework implementation steps tailored for Emergency Services Sector owners and operators.