The U.S. Commerce Department's National Institute of Standards and Technology (NIST) has issued a request for information (RFI) on feedback regarding how its voluntary "Framework for Improving Critical Infrastructure Cybersecurity" is being used, in addition to comments on possible changes to the Framework and its future management. The American National Standards Institute (ANSI) encourages all relevant stakeholders to respond to the RFI by February 9, 2016.
The framework, which was released in 2014 as a result of President Obama's Executive Order "Improving Critical Infrastructure Cybersecurity," was created through collaboration between industry and government. It consists of standards, guidelines, and practices to promote the protection of critical infrastructure, and uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on business. The prioritized, flexible, repeatable, and cost-effective approach of the framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk, NIST reports.
NIST is specifically seeking information on:
Ways in which the Framework is being used to improve cybersecurity risk management
How best practices for using the Framework are being shared
The relative value of different parts of the Framework
The possible need for an update of the Framework Options for long-term governance of the Framework
Respondents may organize their submissions using NIST's RFI Response Template. The comment period ends on February 9, 2015.