In the context of software-intensive systems the term framework
may refer to either a computer/network architecture (i.e., an architecture framework
) or a process (i.e., a process framework
). Consequently, in the context of software-intensive cybersecurity systems the term cybersecurity framework
may apply to either a cybersecurity architecture framework
or a cybersecurity process framework
, depending upon whether the framework emphasizes architecture elements (e.g., cybersecurity network devices, secure communication protocols) or process activities (e.g., guidelines, best practices).
A prominent example of a cybersecurity process framework
is the NIST (National Institute of Standards and Technology) Framework for Improving Critical Infrastructure
, first published by NIST in 2014. The NIST cybersecurity process framework was created through collaboration between U.S. government and industry, and consists of industry standards, guidelines, and best practices aimed at protecting critical information infrastructure.
At present, there are no industry-standard cybersecurity architecture frameworks
, but there is a proliferation of ad hoc efforts to make computer network architectures more cybersecure by enhancing and extending network architectures with cybersecure hardware, firmware, and software mechanisms.