Skip to content

NIST Requests Feedback on First Version of Cybersecurity Framework

A federal organization is requesting feedback from companies who have implemented the voluntary cybersecurity framework for critical infrastructure that it issued earlier this year. The National Institute for Standards and Technology (NIST) will release a request for information (RFI) in an upcoming issue of the Federal Register to get feedback from businesses who have used the Framework for Improving Critical Infrastructure Cybersecurity to �create, guide, assess or improve their cybersecurity plans,� according to the official press release.

NIST held a series of workshops to put together the voluntary framework with input from government and industry, which was the result of an executive order from President Obama in February 2013. The 1.0 version of the document was released in February and is meant to provide organizations with a �basic, flexible and adaptable tool for managing and reducing cyber risks.� NIST says the responses to this RFI will affect how it moves forward in helping organizations find the right tools and resources to implement the framework more effectively.

The comments will be posted to the framework�s Web site after 45 days when the comment period closes. �NIST is especially interested in comments that will help to determine the framework's usefulness and applicability throughout industry, but input from all organizations is encouraged,� the press release states. NIST is also asking for input on theRoadmap it created to accompany the framework, which �outlines issues and challenges that should be addressed in order to improve future versions of the framework.�