CyberSecurity FAQ - What is a cybersecurity framework?

In the context of software-intensive systems the term framework may refer to either a computer/network architecture (i.e., an architecture framework) or a process (i.e., a process framework). Consequently, in the context of software-intensive cybersecurity systems the term cybersecurity framework may apply to either a cybersecurity architecture framework or a cybersecurity process framework, depending upon whether the framework emphasizes architecture elements (e.g., cybersecurity network devices, secure communication protocols) or process activities (e.g., guidelines, best practices).

A prominent example of a cybersecurity process framework is the NIST (National Institute of Standards and Technology) Framework for Improving Critical Infrastructure, first published by NIST in 2014. The NIST cybersecurity process framework was created through collaboration between U.S. government and industry, and consists of industry standards, guidelines, and best practices aimed at protecting critical information infrastructure.

At present, there are no industry-standard cybersecurity architecture frameworks, but there is a proliferation of ad hoc efforts to make computer network architectures more cybersecure by enhancing and extending network architectures with cybersecure hardware, firmware, and software mechanisms.