"The Commerce Department has a critical role to play in helping American businesses address their cybersecurity issues and risks," Rebecca Blank, deputy secretary of Commerce, said. "Protecting our businesses and systems from attacks, while also ensuring that new voluntary standards allow the flexibility for innovation, is crucial to ensuring our economy can continue to grow."
NIST issued the RFI in response to an executive order, issued earlier in February by President Barack Obama, which called for the creation of a framework designed to help safeguard critical infrastructure - including power plants, and water systems, as well as transportation and communications networks - from risks associated with cyberattacks. The framework is expected to include a set of voluntary standards, as well as a roadmap containing recommendations related to encryption, security engineering, asset protection, and other relevant topics for organizations seeking to bolster their cybersecurity practices. The full executive order, titled "Improving Critical Infrastructure Cybersecurity," is available here.
The RFI can be accessed here on the website of the Federal Register. Comments on the RFI are due by 5 p.m. ET on Monday, April 8, 2013; all comments should be sent to cyberframework@nist.gov and include the title of the RFI in the subject line.
