Why you can’t decide (And what to do about it)
May 27, 2016
Commentary: The rapidly changing digital world can leave tech executives feeling overwhelmed when they're faced with charting the course of their company's cybersecurity strategy.
David Stegon was a staff reporter for FedScoop and StateScoop from 2011-2014.
The National Institute of Standards and Technology posted an initial analysis of the more than 200 comments submitted to the Request for Information on the cybersecurity framework developed under the cybersecurity executive order.
NIST has made the initial analysis available as a status update to provide background for a workshop later this month where the framework will be further discussed.
The executive order on improving critical infrastructure cybersecurity calls on NIST to work with industry to develop a voluntary framework to reduce cybersecurity risks to the nation’s critical infrastructure systems, including power, water, communication and other critical systems.
According to NIST, the first step toward drafting the framework was soliciting information from industry and the public through an RFI. Comments on that RFI were due in early April.
Charles Romine, director of NIST’s Information Technology Lab, is heading up NIST’s work on this effort. In a recent interview with FedScoop, he promised the framework would be delivered on time and be actionable.
When completed, the framework will provide a working set of guidelines for industry and government to share information about cyber threats to protect the nation's most vital assets.