ANSI - American National Standards Institute
 Print this article  Previous Next 

NIST Issues Call for Public Comment on Cybersecurity Framework Document


New York, Oct 25, 2007

The National Institute of Standards and Technology (NIST) has issued a call for public comment on Special Publication 800-39, Managing Risk from Information Systems: An Organizational Perspective.

Part of a series of security standards and guidelines developed by NIST under the Federal Information Security Management Act, the new cybersecurity framework document provides guidance on a variety of important information security issues, including:

  • organization-wide perspectives on managing risk from information systems
  • risk-based protection strategies
  • trustworthiness of information systems and trust relationships among organizations
  • managing risk from external providers
  • managing risk related to the operation and use of information systems
  • use of the risk executive function

The document also provides guidance on the framework’s application, helping to ensure that information security is tightly integrated into the mission and business functions of organizations.

The draft document is available for review here. Comments will be accepted from October 29 through December 14, 2007, and may be emailed to sec-cert@nist.gov, or mailed to NIST at 100 Bureau Drive (Mail Stop 8930), Gaithersburg, MD 20899.

Standards Portal