While most of the cybersecurity community was focused over at the NIST web site today to see the official roll-out (on time I reluctantly add) of the Cybersecurity Framework, there was an equally important set of cybersecurity information being rolled out over on the DHS web site. DHS is, after all, is going to be the federal agency responsible for ‘overseeing’ the implementation of the Cybersecurity Framework.
It started off this afternoon with a blog post by Suzanne Spaulding, the Acting Under Secretary for the National Protection and Programs Directorate. In that post she recapped the evolution of the Cybersecurity Framework under the auspices of NIST and announced the DHS supporting program the C3 Voluntary Program.
The three C’s of C3 represent actions to be taken by DHS to support industry in increasing cyber resilience, to increase awareness and use adoption of the Cybersecurity Framework, and encourage organizations to manage cybersecurity as part of an all hazards approach to enterprise risk management. They stand for:
• Converging critical infrastructure community resources;
• Connecting critical infrastructure stakeholders; and
• Coordinating critical infrastructure cross sector efforts
C3 Voluntary Program
This new DHS effort is outlined in a new web site under the auspices of US-CERT. This site is intended to be an information resource for the cybersecurity community. The landing page provides a brief overview of the program and links to the other pages on the site. They include:
There is a lot of information on these six pages, and I expect that more will be coming. Over the next couple of days, I will be looking at some of that information in more detail.