Aug. 26 — The National Institute of Standards and Technology Aug. 26 launched a 45-day comment period on the private sector's experience so far with using the agency's cybersecurity framework (79 Fed. Reg. 50,891, 8/26/14).
The information gathered by NIST through a request for information published in the Federal Register will affect the agency's decisions about possible tools and resources to help organizations use the framework more effectively, according to an Aug. 22 statement by NIST.
“We've seen organizations approach the framework in different ways,” NIST Senior Policy Analyst Adam Sedgewick said in the NIST statement. “Some are using it to start conversations within their organizations or across their sectors, others to create detailed cyber risk management plans. We want to hear from all stakeholders to understand how they've used the framework, how it's been helpful, and where challenges may lie.”
An executive order signed by President Barack Obama in 2013 required NIST, a division of the Department of Commerce, to develop a framework consisting of voluntary cybersecurity best practices for U.S. “critical infrastructure” sectors, such as banks and telecommunications providers.
In February, NIST issued a final framework, and the Department of Homeland Security set up a new program to assist interested companies with implementation.
Although the framework is focused on the nation's critical infrastructure, it is designed to improve cybersecurity practices across all industries and by all types of organizations, according to the request for information. The framework is intended for voluntary industry adoption, although it was crafted to be compatible with existing regulatory authorities and regulations, NIST said.
In addition to helping NIST consider new tools and resources, responses to the request for information are expected to frame the discussion at a cybersecurity framework workshop that the agency has scheduled for Oct. 29-30 in Tampa, Fla. Comments will also inform the DHS program, NIST said.
Questions posed in the request for information include:
• Which sectors and organizations are actively planning to, or already are, using the framework, and how?
• Has the framework helped organizations to understand the importance of managing cybersecurity risk?
• What benefits have been realized by early experiences with the framework?
• Have organizations using the framework integrated it with their broader enterprise risk management program?
• What are the greatest challenges and opportunities for NIST, the federal government more broadly and the private sector when it comes to improving awareness of the framework?
• To what extent are federal regulators aware of the framework and taking “visible actions” reflecting such awareness?
All responses will be posted on NIST's website after the comment period closes Oct. 10, the agency said.
The request for information is available at http://www.gpo.gov/fdsys/pkg/FR-2014-08-26/pdf/2014-20315.pdf.