There have been a number of Federal agencies in the last
couple of weeks that have asked for public comments on a wide variety of
security related measures that are being covered in this blog. One that hasn’t
drawn much in the way of response is the NIST/NTIA
request for comments on potential incentives that can be used by the
Federal government to encourage the adoption of improved cybersecurity
practices outlined in the still to be developed Cybersecurity Framework. To
date only one comment has been received and the closing date is just over two
weeks away.
The one comment posted on the NTIA
web site comes from Brian Rich and deals with the protections provided by
the Protected Critical Infrastructure Information Program (PCII). While Brian
is correct in that this program does provide for protection from certain
disclosure requirements, there are some technical loopholes {including a
specific statement that needs to be included in the disclosure document to
claim PCII protections, 6
CFR §29.5(a)(3) } that need to be carefully understood by anyone desiring
to claim PCII protections.
Posts
No comments:
Post a Comment