“The National Institute of Standards and Technology (NIST) is seeking information on how its voluntary “Framework for Improving Critical Infrastructure Cybersecurity” is being used, as well as feedback on possible changes to the Framework and its future management. A preview copy of the Request for Information (RFI) was posted to the Federal Register today. The comment period opens tomorrow, Friday, Dec. 11, 2015, and closes Feb. 9, 2016. Developed in response to a 2013 Executive Order, the Framework consists of standards, guidelines and practices that help organizations address cyber risks by aligning policy, business and technological approaches. “The process to develop the Framework brought together both private and public sector organizations and resulted in a document that is being used by a wide variety of organizations,” said Adam Sedgewick, NIST senior information technology policy advisor. “We’re looking forward to receiving feedback on specific questions about its use and how it might be improved.” The Framework was released in February 2014, after a year-long, open process that included input from industry, academia and government agencies at the federal and state levels. An increasing number of organizations that are part of the nation’s critical infrastructure, including the energy and financial sectors, as well as other private and public organizations, have been using the Framework to improve their management of cyber risks.To fulfill its responsibilities under the Cyber Security Enhancement Act of 2014, NIST is committed to maintaining an inclusive approach that incorporates the views of a wide array of individuals, organizations and sectors.”
Sorry, comments are closed for this post.