As part of Executive Order (EO) 13636, the Department of Homeland Security (DHS) launched the Critical Infrastructure Cyber Community or C³ (pronounced “C Cubed”) Voluntary Program to assist the enhancement of critical infrastructure cybersecurity and to encourage the adoption of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (the Framework), released in February 2014. The C³ Voluntary Program was created to help improve the resiliency of critical infrastructure’s cybersecurity systems by supporting and promoting the use of the Framework.
The C³ Voluntary Program Outreach and Messaging Kit includes informational materials provided in PDF format for easy printing and/or electronic distribution to help educate stakeholders about the C³ Voluntary Program.
Access the C³ Voluntary Program Outreach and Messaging Kit.
The United States depends on critical infrastructure every day to provide energy, water, transportation, financial systems, and other capabilities that support our needs and way of life. Over the years, improvements in technology have allowed these capabilities to evolve, with most critical infrastructure now dependent on cyber systems to run more efficiently and effectively.
With this increased reliance on cyber-dependent systems, however, come increased threats and vulnerabilities. Protecting the cybersecurity of our critical infrastructure is a top priority for the Nation, and in February 2013 the President signed EO 13636: Improving Critical Infrastructure Cybersecurity. One of the major components of EO 13636 is the development of the Framework by NIST to help critical infrastructure sectors and organizations reduce and manage their cyber risk.
The C³ Voluntary Program helps sectors and organizations that want to use the Framework by connecting them to existing cyber risk management capabilities provided by DHS, other U.S. Government organizations, and the private sector. At the time of launch, available resources will primarily consist of DHS programs, which will grow to include cross sector, industry, and state and local resources.
The C³ Voluntary Program’s launch in February 2014 coincides with the release of the final Framework. The C³ Voluntary Program’s focus during the first year will be engagement with Sector-Specific Agencies (SSAs) and organizations using the Framework to develop guidance on how to implement the Framework. Later phases of the C³ Voluntary Program will broaden the program’s reach to all critical infrastructure and businesses of all sizes that are interested in using the Framework.
The C³ Voluntary Program focuses on three major activities:
The C³ Voluntary Program will assist stakeholders with understanding use of the Framework and other cyber risk management efforts, and support development of general and sector-specific guidance for Framework implementation. The C³ Voluntary Program will also work with the 16 critical infrastructure sectors to develop sector-specific guidance, as needed, for using the Framework.
Outreach and Communications
The C³ Voluntary Program will serve as a point of contact and customer relationship manager to assist organizations with Framework use, and guide interested organizations and sectors to DHS and other public and private sector resources to support use of the Cybersecurity Framework.
The C³ Voluntary Program encourages feedback from stakeholder organizations about their experience using C³ Voluntary Program resources to implement the Framework. The C³ Voluntary Program works with organizations to understand how they are using the Framework, and to receive feedback on how the Framework and the C³ Voluntary Program can be improved to better serve organizations. Feedback about the Framework will also be shared with NIST, to help guide the development of the next version of the Framework and similar efforts.
If you are interested in providing feedback, please email us at firstname.lastname@example.org.