Commerce to Reschedule Release Of Draft Cybersecurity Framework

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Alexei Alexis  

Oct. 10 --As a result of the partial government shutdown, the Department of Commerce must delay publication of a draft cybersecurity framework for the private sector, the agency said.

The department faced an Oct. 10 deadline set under an executive order signed by President Barack Obama earlier this year.

“The continued closure of the government has impacted our ability to conduct the final clearance process on the Cybersecurity Framework,” the agency said Oct. 10 in a statement. “We will reevaluate the release date when government operations are fully restored.”

Under Obama's order, the National Institute of Standards and Technology, a division of Commerce, was charged with leading the development of a framework with voluntary cybersecurity standards for U.S. owners and operators of “critical infrastructure,” such as power plants and water systems .

The draft framework was expected to be published in the Federal Register for public comment. A final version is due by February 2014.

NIST released a preliminary draft framework for discussion at a Dallas workshop in September .

The Department of Homeland Security is expected to coordinate the development of a program with incentives to promote the framework, once it has been finalized. Preliminary recommendations unveiled by the White House in August explored the possibility of tying the framework to such incentives as liability protections, grants, cyberinsurance and government contracts .

The White House plan also requires a review of existing cybersecurity regulations to determine whether they are adequate in light of the final framework.


To contact the reporter on this story: Alexei Alexis in Washington at

To contact the editor responsible for this story: Heather Rothman at

Request Bloomberg Law: Privacy & Data Security