NIST Analysis of Cyber Security Framework

Wednesday, May 22, 2013 @ 04:05 PM gHale


An initial analysis of hundreds of comments submitted by industry and the public related to President Obama’s “Improving Critical Infrastructure Cybersecurity” Executive Order, issued Feb. 12, is now available.

The initial analysis available as a status update and to help provide background for a workshop later this month to discuss the cyber security framework, said officials at the National Institute of Standards and Technology (NIST).

RELATED STORIES
Federal Security Guidelines Reworked
Firing Up a Security Framework
Obama Inks Cyber Security Order
Hackers ‘Declare War’ on U.S.

The Executive Order calls for NIST to work with industry to develop a voluntary framework to reduce cyber security risks to the nation’s critical infrastructure, which includes power, water, communication and other critical systems.

The first step toward drafting the framework was soliciting information on current risk management policies, existing standards and guidelines, and specific industry practices from stakeholders through a Request for Information (RFI). These comments were due April 8. NIST received more than 200 responses and posted them publicly.

NIST’s approach to analyzing the input from the RFI, as well as identification of the common cyber security framework themes that emerged as a result of the analysis, is in the paper, “Initial Analysis of Cybersecurity Framework RFI Responses.” In addition to identifying and describing the common themes, this paper provides questions for stakeholders to consider.

Click here for additional information about the cyber security critical infrastructure framework project.

There will be the 2nd Cybersecurity Framework Workshop, May 29-31, 2013, at Carnegie Mellon University.



Leave a Reply

You must be logged in to post a comment.