ANSI - American National Standards Institute
 Print this article  Previous Next 

NIST Issues RFI on Cybersecurity Framework Use, Potential Updates and Future Management

Comment Period Ends February 9

1/06/2016

The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) has issued a request for information (RFI) on feedback regarding how its voluntary “Framework for Improving Critical Infrastructure Cybersecurity” is being used, in addition to comments on possible changes to the Framework and its future management. The American National Standards Institute (ANSI) encourages all relevant stakeholders to respond to the RFI by February 9, 2016.

The framework, which was released in 2014 as a result of President Obama’s Executive Order “Improving Critical Infrastructure Cybersecurity,” was created through collaboration between industry and government. It consists of standards, guidelines, and practices to promote the protection of critical infrastructure, and uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on business. The prioritized, flexible, repeatable, and cost-effective approach of the framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk, NIST reports.

NIST is specifically seeking information on:

  • Ways in which the Framework is being used to improve cybersecurity risk management

  • How best practices for using the Framework are being shared

  • The relative value of different parts of the Framework

  • The possible need for an update of the Framework Options for long-term governance of the Framework

Respondents may organize their submissions using NIST’s RFI Response Template. The comment period ends on February 9, 2015.

ANSI is committed to supporting cybersecurity through the various efforts highlighted in its recently launched cyber portal, www.ansi.org/cyber. See related ANSI cybersecurity news.

AN INTRODUCTION TO STANDARDS: WHY, WHERE AND HOW ARE THEY DEVELOPED?