We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

NIST Seeks Information on Cybersecurity Framework Experience

Harriet Pearson

Harriet Pearson,

Washington, D.C.

Paul Otto

Paul Otto,

Washington, D.C.

22 August 2014
Six months after release of the Framework for Improving Critical Infrastructure Cybersecurity (Framework), on August 21 the National Institute of Standards and Technology (NIST) put forward a draft Request For Information (RFI) to learn more about experiences with and effectiveness of the Framework. Through the RFI process, NIST seeks to better understand how organizations in all critical infrastructure sectors are approaching and making specific use of the Framework. Responses to the RFI are expected to shape the agenda for NIST’s 6th Cybersecurity Framework Workshop, its first following the Framework’s release.
NIST Seeks Information on Cybersecurity Framework Experience

In the RFI, NIST seeks to understand public awareness of the Framework, and asks whether the Framework has gained the traction needed to be a factor in how organizations manage cyber risks. NIST also inquires about implementation of the Framework, the benefits and challenges to adoption, and whether some sectors require additional sector-specific guidance prior to use. Overall, the RFI includes nineteen specific questions covering the major areas for which NIST seeks public comment, although NIST welcomes broader comments on the “degree of awareness and voluntary use and subsequent improvement of the Framework.”

The RFI presents another important opportunity for industry to shape the Framework’s direction and guide its development. Whether an organization decides to use the Framework, organizations can expect to see the Framework’s structure and approach to influence cybersecurity-related expectations in board rooms and among policymakers.

The RFI is expected to appear in the Federal Register next week. Upon publication, organizations will have forty-five days to file comments. NIST seeks comments from all critical infrastructure sectors, but also invites submissions from other audiences, including standard-setting organizations, solution providers, other members of industry, and consumers.

For an in-depth analysis of the NIST Cybersecurity Framework, click here.

Jared Bomberg, an associate in our Washington, D.C. office, contributed to this entry.

Harriet Pearson

Harriet Pearson,

Washington, D.C.

Paul Otto

Paul Otto,

Washington, D.C.

Cybersecurity in the Health Sector

The health sector is under siege with cybersecurity threats. Some of the largest announced cyber attacks in U.S. history have targeted organizations in the health industry. Regulators have...

02 May 2016
Loading data