The National Institute of Standards and Technology, or NIST, published a request for information, or RFI. The NIST is seeking information on the “Framework for Improving Critical Infrastructure Cybersecurity” (the “Framework”). NIST is seeking information from industry, government and academia.
As directed by Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” (the “Executive Order”), the Framework consists of standards, methodologies, procedures and processes that align policy, business and technological approaches to address cyber risks. The Framework was released on February 12, 2014, after a year-long open process involving private and public sector organizations, including extensive industry input and public comments. In order to fulfill its responsibilities under the Cyber Security Enhancement Act of 2014, NIST is committed to maintaining an inclusive approach, informed by the views of a wide array of individuals, organizations, and sectors.
NIST requests information about the variety of ways in which the Framework is currently being used to:
- Improve cybersecurity risk management;
- The variety of ways in which the Framework is being used
- How best practices for using the Framework are being shared and might be enhanced;
- The relative value of different parts of the Framework;
- The possible need for an update of the Framework; and
- Options for the long-term governance of the Framework.
This information is needed in order to carry out NIST’s responsibilities under the Cybersecurity Enhancement Act of 2014 and the Executive Order.
Responses to this RFI will be posted at http://www.nist.gov/cyberframework/cybersecurity-framework-rfi.cfm
The information garnered will inform NIST’s planning and decision-making about how to further advance the Framework so that the Nation’s critical infrastructure is more secure by enhancing its cybersecurity and risk management.
All information provided will also assist in developing the agenda for a workshop on the Framework being planned by NIST for April 6 and 7, 2016, in Gaithersburg, Maryland. Specifics about the workshop will be announced at a later date.
Comments must be received by 5:00 p.m. Eastern time on February 9, 2016.
Comments containing references, studies, research, and other empirical data that are not widely published should include copies of the referenced materials. Do not include in comments or otherwise submit proprietary or confidential information, as all comments received in response to this RFI will be made available publicly at http://www.nist.gov/cyberframework/cybersecurity-framework-rfi.cfm.
Respondents may organize their submissions in response to this RFI using the template available at http://www.nist.gov/cyberframework/cybersecurity-framework-rfi.cfm.
Written comments may be submitted by mail to Diane Honeycutt, National Institute of Standards and Technology, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899. Online Submission sent to cyberframework@nist.gov in any of the following formats: HTML; ASCII; Word; RTF; or PDF.
This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.
