Friday, February 12, 2016

NIST Publishes RFI Comment Extension Notice

As I mentioned earlier this week, today the National Institute of Standards and Technology published a notice in the Federal Register (81 FR 7506) announcing the extension of the comment period on their request for information (RFI) on updating the Cybersecurity Framework. The comment period is extended until February 23rd, 2016.

It does not appear that there were any specific requests for extension of the comment period. The notice only mentions that the comment period coincides with “a timeframe in which a variety of cybersecurity events are scheduled to occur”. While a number of cybersecurity professionals do attend many of these events, I really doubt that that is the reason for the very poor comment rate that we have seen to date.

I would like to mention again that NIST has adopted the use of a spread sheet format for submission of comments. Since I also do my own personal reviews of these comments (as my readers are certainly aware) I can attest to the fact that it is much easier to compile comments from this spread sheet format. If you have to include a long expository comment showing your erudition and mastery of the subject matter, please at least take the time to put a brief answer to the questions into the NIST response form. I know that I will only give a cursory scan to your exposition and concentrate on the concise answers in the form.

No comments:

/* Use this with templates/template-twocol.html */