Following up on the President’s February 12, 2013 Executive Order on Cybersecurity and the related Presidential Policy Directive, discussed in our last blog entry, the National Institute of Standards and Technology (NIST) has issued a draft Request For Information (RFI) to kick off the public input process as mandated by the Executive Order. The RFI seeks information on current cybersecurity risk management practices of private organizations–including standards, guidelines, and best practices–in the various sectors, including communications, information technology, health, financial services, energy, water, and others that implicate critical infrastructure.

NIST is already accepting comments on the draft RFI. Once the draft RFI is finalized and published in the Federal Register, those wishing to have input will have only 45 days to submit comments to NIST on these wide-ranging cybersecurity issues. NIST will release a draft Cybersecurity Framework within eight months, and must publish a final Framework by February 12, 2014.

DWT can provide further information about NIST’s cyber-risk RFI upon request, and/or guidance or assistance in participating in the Cybersecurity Framework via filing comments with NIST.