CTIA: Base FCC Cybersecurity Rules on NIST Framework

not harmonized with other federal approaches, such as the Broadband Equity, Access, and Deployment program, and go beyond a requirement to align cybersecurity risk management plans” with the National Institute of Standards and Technology’s cybersecurity framework (CSF) version 2.0. The CSF “is the best vehicle through which to facilitate robust cybersecurity programs: it is well understood by industry and critical infrastructure organizations, it is flexible, and it is future-proof,” CTIA said: “It includes informative references to a range of ‘standards, guidelines, and practices’ to achieve the outcomes laid out in its Functions and their associated Categories and Subcategories, while recognizing that there is no one-size-fits-all approach that is appropriate for cybersecurity risk management in an area as dynamic as cybersecurity.” In addition, the CSF has “international reach and understanding, which is important in an increasingly global cybersecurity environment,” the group said.