New public sector report from Telos reveals 83 percent favor federal mandate of NIST cybersecurity framework
Telos Corporation, based in Ashburn, VA, released the 2017 Public Sector Cyber Risk Management Report on September 26. The report details the findings of a survey conducted at the Amazon Web Services (AWS) Public Sector Summit, held in June 2017, which captured 257 responses from attendees, the majority of whom were federal employees or contractors.
Data from the survey reveals strong support for the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as 83 percent of federal employees and contractors said they favored the NIST CSF being mandated across federal agencies, which was a critical part of the President’s Cyber Executive Order in May 2017. Overall, 88 percent of respondents said that the NIST CSF “effectively helps organizations manage risk.”
“The NIST CSF provides a roadmap for federal agencies and organizations to develop a robust cyber risk management plan that can evolve as quickly as threats do,” said Richard Tracy, CSO, Telos. “The level of support for the NIST CSF shows that federal agencies and contractors are keenly aware that managing cyber risk is a critical issue at every level of an organization.”
Respondents overwhelmingly indicated support for the CSF as a common set of standards used across government and industry, with a remarkable 95 percent saying that organizations would benefit. 89 percent of respondents regard cyber risk management as “critically important” to their ability to achieve the goals and mission of their organization.
Despite the support for embracing universal cybersecurity standards, the survey revealed concerns related to compliance in the cloud. In particular, two potential barriers to adoption of frameworks bubbled up—46 percent said their biggest cloud compliance challenge is time, while 45 percent said compliance is too complex.
“Respondents made it clear that compliance challenges remain on their minds as they shift to cloud and begin or continue the implementation of the NIST CSF,” said Tracy. “However, I look at these challenges as an opportunity for organizations to streamline the compliance process through automation to allow a more efficient and strategic way to embrace standards.”