NIST Issues Request for Information, Begins Developing Cybersecurity Framework Under Recent Executive Order

On February 26, 2013, the National Institute of Standards and Technology (NIST) issued a Request for Information (RFI) entitled, “Developing a Framework to Improve Critical Infrastructure Cybersecurity.” The RFI requests “information to help identify, refine, and guide the many interrelated considerations, challenges, and efforts needed to develop" a Cybersecurity Framework as mandated by Cybersecurity Executive Order 13636 issued by the Obama Administration on February 12, 2013.

The White House and NIST have repeatedly emphasized that the Cybersecurity Framework, which will serve as the cornerstone of a voluntary cybersecurity program for critical infrastructure owners and operators, will be developed through an “open public review and comment process” that will give stakeholders numerous opportunities to provide input on the standards, methodologies, procedures and processes that will make up the Framework. The RFI represents the first opportunity for public comment. Responses to the RFI must be submitted by 5:00 p.m. on April 8, 2013.

The RFI states that the Framework development process will seek to identify existing “cross-sector” cybersecurity standards and guidelines that are currently or could be applied to critical infrastructure as well as any “potential gaps (i.e., where standards/guidelines are nonexistent or where existing standards/guidelines are inadequate) that need to be addressed through collaboration with industry and industry-led standards bodies.” Further, any gaps identified will be addressed through collaboratively-developed action plans.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.