NIST wants more feedback on cybersecurity framework

The National Institute of Standards and Technology is looking for more information on how its famed cybersecurity framework is being used by the private sector and what changes could be made to it in the future.

In an request for information posted Thursday to the Federal Register, NIST wants to learn how organizations are sharing the framework’s best practices, what parts of the framework are utilized more than others and what sections need to be updated.

“We’re looking forward to receiving feedback on specific questions about its use and how it might be improved,” said Adam Sedgewick, NIST’s senior information technology policy adviser.

The document was crafted after a year-long process and eventually released in 2014.

Earlier this year, cybersecurity experts told FedScoop the framework point has raised the cybersecurity conversation to the boardroom level at major corporations and critical infrastructure providers. Intel Corp. tested the framework at two of its major corporate divisions and found it provided enough benefit that it planned to expand use of it throughout 2015.

Earlier this week, a new survey found that 82 percent of respondents, who worked in IT departments at federal agencies, were using portions of the framework in their own cybersecurity programs.

Feedback gathered from the RFI will be used in developing a workshop on the framework being planned for April 6 and 7, 2016, at NIST’s Gaithersburg, Maryland, campus.

Comments will be accepted until Feb. 9, 2016.