Today the National Institute of Standards and Technology published a request for information in the Federal Register (79 FR 50891-50894) concerning information about organizational experiences with the implementation of the Framework for Improving Critical Infrastructure Cybersecurity that was published in February.
Responses to this RFI will help NIST develop tools and resources to help organizations to use the Framework more effectively and efficiently. The information will also be shared with DHS to aid in the implementation of the Critical Infrastructure Cyber Community (C3) Voluntary Program that the Administration developed to encourage organizations to implement the Framework. Finally, the information will help NIST to establish the agenda details of the upcoming Framework review workshop in October 2014.
The RFI is looking for specific information in three broad categories. Within each of those areas NIST proposes a series of questions that it would like to have answered by critical infrastructure organizations, standards setting organizations, and governmental agencies at all levels concerned with cybersecurity issues. Those three categories are:
As we came to expect during the development of the Framework, NIST is not using the Federal eRulemaking Portal for their information collection process. Responses will be sent directly to NIST and may be submitted by email (firstname.lastname@example.org). Responses should be sent by October 10th, 2014. Responses will be published on the NIST Framework web site.