Today the National Institute for Standards and Technology
(NIST) published a request for information (RFI) in the Federal Register (80 FR
76934-76936) seeking information on the “Framework for Improving Critical
Infrastructure Cybersecurity” (Cybersecurity Framework – CSF). This is part
of an on-going effort by NIST to improve the efficacy and employment of the
CSF.
According to the RFI the CSF consists of standards,
methodologies, procedures, and processes that align policy, business, and
technological approaches to address cyber risks. It was published
in February 2014 after a publicly inclusive
process in a series of meetings and workshops over the period of a year. A subsequent RFI was
published in August of 2014 to gauge how the CSF was being put into use by the
private sector.
In today’s RFI NIST is seeking specific
information about the variety of ways in which the Framework is being used and
the relative value of different parts of the Framework, the possible need for
an update of the Framework, how best practices for using the Framework are
being shared and might be enhanced, and the long-term governance of Framework.
Specifically, NIST is looking for information regarding:
• Use of the CSF (9 specific questions);
• Possible CSF updates (6 specific questions);
• Sharing information using the CSF
(4 specific
questions); and
• Private sector involvement in the future governance
of the CSF (6
specific questions)
NIST continues to use their own internal comment submission
process rather than using the Federal eRulemaking Portal. NIST requests that
users use their EXCEL®
based template for submitting comments. This has proven a very successful
technique that allows NIST to turn around the processing and cataloging of
large numbers of comments in a very short time. Comments may be submitted via
email to cyberframework@nist.gov.
NIST is requesting that comments be submitted by February 9th, 2016.
Posts
No comments:
Post a Comment