Some notes on Trump's cybersecurity Executive Order
http://blog.erratasec.com/2017/05/some-notes-on-trumps-cybersecurity.html [blog.erratasec.com]
2017-05-12 16:21
The NIST Framework simply documents all the things that organizations commonly do to secure themselves, such run intrusion-detection systems or impose rules for good passwords.
Password rules are a good example. Organizations typically had bad rules, such as frequent changes and complexity standards. So the NIST Framework documented them. But cybersecurity experts have long opposed those complex rules, so have been fighting NIST on them.