NIST Requests Information Regarding Cybersecurity Framework

more+
less-

On February 26, the National Institute of Standards and Technology (NIST), issued a request for information to begin developing the “Cybersecurity Framework” required by a recent executive order directing NIST to develop a framework to reduce cyber risks to critical infrastructure. The request explains that the framework will incorporate voluntary consensus standards and industry best practices to the fullest extent possible, and should include flexible standards, guidelines, and best practices that provide (i) a consultative process to assess the cybersecurity-related risks to organizational missions and business functions, (ii) a menu of management, operational, and technical security controls, including policies and processes, available to address a range of threats, (iii) a consultative process to identify adequate security controls, (iv) metrics to assess and monitor the effectiveness of security controls, (v) a comprehensive risk management approach that provides the ability to assess, respond to, and monitor information security-related risks and provide industry leadership with necessary information to help make ongoing risk-based decisions, and (vi) a menu of privacy controls. The goal of the framework development process is to (i) identify existing cybersecurity standards, guidelines, frameworks, and best practices that are applicable to increase the security of critical infrastructure sectors and other interested entities, (ii) specify high-priority gaps for which new or revised standards are needed, and (iii) collaboratively develop action plans by which those gaps can be addressed. NIST asks that comments be provided by April 8, 2013.

Topics:  Critical Infrastructure Sectors, Cybersecurity, Data Protection, Executive Orders, NIST

Published In: Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BuckleySandler LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »