NIST posts initial analysis on cyber framework
The National Institute of Standards and Technology posted an initial analysis of the more than 200 comments submitted to the Request for Information on the cybersecurity framework developed under the cybersecurity executive order.
NIST has made the initial analysis available as a status update to provide background for a workshop later this month where the framework will be further discussed.
The executive order on improving critical infrastructure cybersecurity calls on NIST to work with industry to develop a voluntary framework to reduce cybersecurity risks to the nation’s critical infrastructure systems, including power, water, communication and other critical systems.
According to NIST, the first step toward drafting the framework was soliciting information from industry and the public through an RFI. Comments on that RFI were due in early April.
Charles Romine, director of NIST’s Information Technology Lab, is heading up NIST’s work on this effort. In a recent interview with FedScoop, he promised the framework would be delivered on time and be actionable.
When completed, the framework will provide a working set of guidelines for industry and government to share information about cyber threats to protect the nation’s most vital assets.
Information on the second Cybersecurity Framework Workshop, which will be held May 29-31, at Carnegie Mellon University in Pittsburgh, Pa., can be found here.