NIST Seeks Input from Stakeholders on Infrastructure Cybersecurity Framework

The National Institute of Standards and Technology (NIST), a division of the U.S. Department of Commerce (DOC), recently issued an official Request for Information (RFI) in the U.S. Federal Register regarding cybersecurity needs related to critical infrastructure. The RFI, titled "Developing a Framework to Improve Critical Infrastructure Cybersecurity," solicits recommendations and other input from relevant stakeholders, including infrastructure owners, standards developing organizations, state and local governments, and other interested parties.

"The Commerce Department has a critical role to play in helping American businesses address their cybersecurity issues and risks," Rebecca Blank, deputy secretary of Commerce, said. "Protecting our businesses and systems from attacks, while also ensuring that new voluntary standards allow the flexibility for innovation, is crucial to ensuring our economy can continue to grow."

NIST issued the RFI in response to an executive order, issued earlier in February by President Barack Obama, which called for the creation of a framework designed to help safeguard critical infrastructure - including power plants, and water systems, as well as transportation and communications networks - from risks associated with cyberattacks. The framework is expected to include a set of voluntary standards, as well as a roadmap containing recommendations related to encryption, security engineering, asset protection, and other relevant topics for organizations seeking to bolster their cybersecurity practices. The full executive order, titled "Improving Critical Infrastructure Cybersecurity," is available here.

The RFI can be accessed here on the website of the Federal Register. Comments on the RFI are due by 5 p.m. ET on Monday, April 8, 2013; all comments should be sent to [email protected] and include the title of the RFI in the subject line.