Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President under the Executive Order “Improving Critical Infrastructure Cybersecurity” has directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure. The Framework will consist of standards, guidelines, and best practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the framework will help owners and operators of critical infrastructure to manage cybersecurity-related risk while protecting business confidentiality, individual privacy and civil liberties.
Preliminary Cybersecurity Framework
NIST seeks comments on the preliminary version of the Cybersecurity Framework ("preliminary Framework"). The preliminary Framework was developed by NIST using information collected through the Request for Information (RFI) that was published in the Federal Register on February 26, 2013 and a series of open public workshops. The preliminary Framework was developed in response to Executive Order 13636, "Improving Critical Infrastructure Cybersecurity" ("Executive Order"). Under the Executive Order, the Secretary of Commerce is tasked to direct the Director of NIST to work with stakeholders to develop a framework to reduce cyber risks to critical infrastructure.
On October 29, 2013, NIST announced a 45-day public comment period on the preliminary Framework in the Federal Register. Comments are due no later than 5pm EST on December 13, 2013. Comments should be submitted to NIST using the comment template form below. Electronic comments concerning the preliminary Framework should be submitted in Microsoft Word or Excel formats to: email@example.com, with the Subject line: Preliminary Cybersecurity Framework Comments. Written comments concerning the preliminary Framework may be sent to: Information Technology Laboratory, ATTN: Adam Sedgewick, National Institute of Standards and Technology, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930. All comments will be posted at http://csrc.nist.gov/cyberframework/preliminary_framework_comments.html without change or redaction, so commenters should not include information they do not wish to be posted (e.g., personal or business information).
Comments are also sought to determine if the informative references (standards, guidelines and best practices) are presented in the Framework in a manner that allows for their effective use. The alternative presentation of Appendix A (Framework Core) below is one such presentation.
Framework Core (XLSX)
For further information and/or questions about the Cybersecurity Framework, contact us at: firstname.lastname@example.org
Lead Organizational Unit:itl