• Journal


Study on U.S. Critical Infrastructure Protection Act and Standardization of Technical Control in Information Security


Critical infrastructure comprises the basic functions and services that a country provides for people's daily lives in order to sustain livelihoods, the economy and government operations; an interruption of infrastructure operations causes harm to public services, people's lives and national security. In March 2013, South Korea suffered an attack that wiped the Master Boot Record (MBR) of disks, an information security incident that left more than 48,000 servers, computers and ATMs at banking and financial networks, broadcast television networks and insurance companies unable to boot, and that imprinted on Critical Information Infrastructure Protection (CIIP) a cyber attack-and-defense scenario in which "the initial war is the final war; the first battle is the decisive battle." In view of the importance of critical infrastructure cybersecurity, CIIP policies, standards and regulations have become a long-term strategic issue for advanced countries, and Taiwan is likewise studying a "Critical Infrastructure Protection Act." Taking as its reference the United States' course of CIIP standardization and legalization, from Presidential Decision Directive 63 (PDD-63) in 1998 to President Obama's Presidential Policy Directive 21 (PPD-21) in 2013, this paper summarizes the evolution of U.S. CIIP together with its standardization progress on information sharing, the personal data protection framework and international standards organizations, then examines Taiwan's situation and presents the paper's observations and recommendations.


Critical infrastructure consists of the basic functions and services a country provides for people's daily life so that people's livelihood, the economy and government operations can be maintained. Infrastructures such as communications, finance, electricity, water and medical services are indispensable; if their operations are disrupted, public services, people's lives and national security are harmed. The attack on the Master Boot Record (MBR) on March 20, 2013 in Korea resulted in an information security breach that rendered a total of over 48,000 servers, computers and cash machines of financial networks inoperable and paralyzed three broadcast networks. This cyber incident raised the maxim "the initial war is the final war; the first battle is the decisive battle," and the issues of network attack and defense and of Critical Information Infrastructure Protection (CIIP) have therefore been seriously addressed and discussed. In view of the importance of cybersecurity for critical infrastructure, the policy, standards and regulations of CIIP have become major political issues in advanced countries. Likewise, in Taiwan, a Critical Infrastructure Protection Act has been under study. The whole course of standardization and legalization of CIIP in the United States, from PDD-63 on May 22, 1998 to President Barack Obama's PPD-21 on February 12, 2013, is a good reference. Based on this reference, this study compiles the entire evolution of American CIIP and the ISO standardization processes for its comprehensive framework of information sharing and protection of personal data. Based on Taiwan's national situation, the study then conducts its investigation and observations and proposes policy recommendations.
