This week saw an interesting update of the NIST
Cybersecurity Framework web site. The main portion of the page was
significantly truncated, removing all of the information about the processes
leading up to the publication of the Preliminary Cybersecurity Framework. Links
to this information are provided in the ‘Additional Information’ section in the
right-side column on the site.
e-Books
Another interesting change was the addition of a link to an e-book
version of the Preliminary Cybersecurity Framework. This is part of a NIST experiment in
the publication of e-book versions of important documents. There is not yet an
e-book standard format and NIST notes that their format will not work on all
combinations of applications and devices. They have been successfully tested on
“iBooks app on an iPad2, and the Kobo and Moon+ readers on a Samsung
Galaxy Tab and ASUS Nexus 7”, but there may be problems on some Kindles®.
CSF Comments
Almost a month ago, NIST established the web site where they
will be publishing comments. To date there is nothing posted to that site. I do
not think that that is because there have been no comments submitted (sorry
about the double negative), but rather due to the way that NIST will be analyzing
the comments. As I noted in my
earlier post on the publishing of the CSF in the Federal Register, the
format for submitting comments will make it very easy to compile and analyze
the comments, but it would make it rather tedious for outside readers to look
through all of those forms to get an idea of how the public is responding to
the Cybersecurity Framework.
Personally I would rather have a chance to peruse them as
they are submitted so that I could do a weekly take on what is being said,
rather than have to go through them all at once at the end of the submission
process. This apparent methodology of delaying the printing of the comments
also limits the possibility for people to respond to previously published
comments.
5th Workshop
For those of us who could not get to this week’s workshop in
North Carolina, NIST has posted links to web casts of the morning sessions made
by North Carolina State University (Note: The audio portion of the presentations
is poor in many places). These were mainly panel discussions, which included
• Preliminary Cybersecurity Framework Overview (Day 1; 0:22);
• Privacy and Civil Liberties (Day 1; 1:50);
• ISA Presentation (Day 2; 0:01);
• Perspectives from Telecom Sector (Day 2; 0:11);
• Adoption Considerations for the Framework (Day 2; 1:28); and
• Next Steps (Day 2; 2:21)
The only place where there is any significant mention of
industrial control system security is during the ISA presentation. It focuses
on the work of the ISA99 Committee in developing standards for cybersecurity for
industrial control systems.
It would have been nice to have a web cast of the breakout
groups, but that would not have been practical. Getting releases from
all of the participants and getting good sound from those discussions
would have been problematic.