NIST seeks comments on cybersecurity framework
- By Mark Pomerleau
- Dec 15, 2015
The National Institute of Standards and Technology wants feedback on its voluntary Framework for Improving Critical Infrastructure Cybersecurity.
The framework, published in 2014, includes standards, guidelines and practices that help organizations address cyber risks by aligning policy, business and technological approaches. It was created with input from 3,000 people across industry, academia and government.
“The process to develop the framework brought together both private and public sector organizations and resulted in a document that is being used by a wide variety of organizations,” said Adam Sedgewick, NIST senior information technology policy advisor. “We’re looking forward to receiving feedback on specific questions about its use and how it might be improved.”
Besides information on the framework’s use, NIST wants to know the relative value of its different parts, the potential need for updates, how best practices are being shared and options for long-term management of the framework, the request for information said.
According to a recent survey of 150 IT and security professionals in the federal government, 82 percent said their agencies are either fully or partially implementing the framework.
The feedback NIST receives from the RFI will help it plan further advances to the framework and develop an agenda for a workshop scheduled for April 6 and 7. The comment period for the RFI ends Feb. 9, 2017.
For more information and a form for submitting comments on the RFI, visit the framework website.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.