The National Institute of Standards and Technology (NIST) has published its preliminary cybersecurity “Framework” that it was directed to develop in Executive Order 13636. The Executive Order requires that NIST develop and publish a cybersecurity Framework to protect national critical infrastructure through a “prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk.”

The preliminary Framework is the product of a series of workshops held throughout the U.S. since February and industry comments. Within the next few days, NIST will publish a Federal Register notice formally seeking comments on the preliminary Framework before publishing a final Framework document in February 2014.

An interesting point to take note:  the privacy issues appear to have become a much bigger part of the Framework than in prior discussions.