The new NIST framework for improving critical infrastructure cybersecurity provides voluntary security and risk guidelines for government agencies as well as critical infrastructure organizations that serve the government. The new framework is vague by design, but because federal agencies already align to it, the new guidance will have little or no impact on them. Organizations that do business with the federal government, however, need to make sure they understand and adhere to the new NIST requirements or risk losing that segment of their customer base.