Saturday, April 13, 2013

Comments on Incentives To Adopt Improved Cybersecurity Practices – 04-13-13

There have been a number of Federal agencies in the last couple of weeks that have asked for public comments on a wide variety of security related measures that are being covered in this blog. One that hasn’t drawn much in the way of response is the NIST/NTIA request for comments on potential incentives that can be used by the Federal government to encourage the adoption of improved cybersecurity practices outlined in the still to be developed Cybersecurity Framework. To date only one comment has been received and the closing date is just over two weeks away.

The one comment posted on the NTIA web site comes from Brian Rich and deals with the protections provided by the Protected Critical Infrastructure Information Program (PCII). While Brian is correct in that this program does provide for protection from certain disclosure requirements, there are some technical loopholes {including a specific statement that needs to be included in the disclosure document to claim PCII protections, 6 CFR §29.5(a)(3) } that need to be carefully understood by anyone desiring to claim PCII protections.

No comments:

/* Use this with templates/template-twocol.html */