Earlier this week NIST did a complete revamp of their
Cybersecurity Framework (CSF) home page. There is less information directly on
the page but there are still active links to all of the developmental
information from the old site.
It looks like NIST is getting ready for the publication of
the final version of CSF. No word yet when that will be (to be fair the comment
period just ended a little over a week ago) but the deadline that was
established in EP 13636
was one year or February 19th, 2014. That deadline does not carry
the force of law; the Director of NIST only has to keep his boss, the Secretary
of Commerce, happy. In this case that means the keeping the President satisfied
that work is progressing with reasonable dispatch.
We’ve already seen how much the President is holding the
chemical folks to their deadlines on the Chemical Safety and Security EO, or
the National Archives and Records Administration on the Sensitive But Unsecure
Information EO deadlines. If NIST can
get a document into the Federal Register by June, the President will probably
be real happy. Unless, of course there is a major critical infrastructure breach,
then all bets are off.
QUESTION: Why isn’t 40 million compromised bank accounts
(ala Target) a major breach? It’s only
money.
Posts
No comments:
Post a Comment