NIST
The National Institute of Standards and Technology (NIST) developed the Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework) in response to Executive Order 13636. The framework, created through collaboration between government and the private sector, uses a common language to address and manage cybersecurity risk. OverDrive has aligned its existing security controls with this framework to augment its security program. These controls are tested regularly.
What is the primary purpose of this initiative?
Provide an additional assurance point for OverDrive's security readiness.
What is the scope?
The NIST Framework is a set of cybersecurity activities, outcomes, and informative references that are common across critical infrastructure sectors. The framework systematizes the adoption of security guidance that facilitates the individual alignment of cybersecurity activities with business requirements, risk assessments, and resources.
How often are you evaluated?
The security controls aligned with the NIST Cybersecurity Framework are tested annually.
Who is the primary audience?
Anyone who requires OverDrive's alignment with NIST, or a similar security practices framework, as part of their review of OverDrive's security readiness.