NIST Issues RFI on cybersecurity Framework use, management.

Press Release Summary:



NIST issued Request for information (RFI) on feedback regarding how its voluntary "Framework for Improving Critical Infrastructure Cybersecurity" is being used, how best practices for Framework use are being shared, and relative value of different parts of Framework. Additional comments on possible changes to Framework and its future management are also welcome. ANSI encourages all relevant stakeholders to respond by February 9, 2016.



Original Press Release:



NIST Issues RFI on Cybersecurity Framework Use, Potential Updates and Future Management



Comment Period Ends February 9



The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) has issued a request for information (RFI) on feedback regarding how its voluntary “Framework for Improving Critical Infrastructure Cybersecurity” is being used, in addition to comments on possible changes to the Framework and its future management. The American National Standards Institute (ANSI) encourages all relevant stakeholders to respond to the RFI by February 9, 2016.



The framework, which was released in 2014 as a result of President Obama’s Executive Order “Improving Critical Infrastructure Cybersecurity,” was created through collaboration between industry and government. It consists of standards, guidelines, and practices to promote the protection of critical infrastructure, and uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on business. The prioritized, flexible, repeatable, and costeffective approach of the framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk, NIST reports.



NIST is specifically seeking information on:

Ways in which the Framework is being used to improve cybersecurity risk management

How best practices for using the Framework are being shared

The relative value of different parts of the Framework

The possible need for an update of the Framework Options for long-term governance of the Framework



Respondents may organize their submissions using NIST’s RFI Response Template. The comment period ends on February 9, 2015.



ANSI is committed to supporting cybersecurity through the various efforts highlighted in its recently launched cyber portal, www.ansi.org/cyber. See related ANSI cybersecurity news.

All Topics