The US National Institute of Standards and Technology (NIST) has put forward a draft of voluntary standards to help critical industries prevent cyber-attacks.
Responding to the relentless efforts of hackers to get into systems of US banks, financial institutions, power grids and other important infrastructure, the guidelines’ authors have taken into account input from some 3,000 industry and academic experts.
They proposed several steps for companies to protect network assets, and to detect, respond to and recover from breaches.
President Barack Obama entrusted NIST with compiling the voluntary minimum standards in February this year, aiming to counter the lack of progress on cyber-security legislation in Congress.
Action on bills this year is stalled after the disclosures of vast online US government spying programmes.
"Ultimately what we want to do is we want to turn today's best practices into common and expected practices," NIST Director Patrick Gallagher told reporters, calling the framework "a living document" that is expected to be flexible.
However, some industry insiders have criticised the framework for being too vague and complex, which could put companies off adopting it.
"I understand their problem, they're trying to write something that any industry can apply. As soon as you do that, you're going to get to a very big level of abstraction," said Stewart Baker, a former Department of Homeland Security assistant secretary and now a lawyer at Steptoe & Johnson.
"Much of the document is very procedural," he said. "I fear that it won't measurably improve cyber-security without making it more expensive for everybody."