The National Institute of Standards and Technology (NIST) today issued a Request for Information (RFI) in the Federal Register as its first step in the process to develop a Cybersecurity Framework, a set of voluntary standards and best practices to guide industry in reducing cyber risks to the networks and computers that support critical infrastructure vital to the nation's economy, security and daily life.
Stakeholder meetings are also a part of the framework process, and the first such meeting will be held April 3, 2013, at the NIST headquarters in Gaithersburg, Md.
President Obama called for the framework to reduce cyber risks to critical infrastructure such as power plants and financial, transportation and communications systems, in his February 12, 2013, Executive Order on "Improving Critical Infrastructure Cybersecurity."*
NIST requests ideas, recommendations and other input from critical infrastructure owners and operators, federal agencies, state and local governments, standards-setting organizations, and other interested parties about current risk management practices; use of frameworks, standards, guidelines and best practices; specific industry practices and more. Specific questions are included in the RFI.
For more on information about the framework and the process NIST will use to develop the framework within a year, see the February 13, 2013, announcement** on the Department of Commerce Web page or the NIST Cybersecurity Framework Web page at www.nist.gov/itl/cyberframework.cfm.
The RFI on the new Cybersecurity Framework is available at https://www.federalregister.gov/articles/2013/02/26/2013-04413/developing-a-framework-to-improve-critical-infrastructure-cybersecurity. Comments are due by 5 p.m. ET, Monday, April 8, 2013, and should be sent to email@example.com with the subject line: "Developing a Framework to Improve Critical Infrastructure Cybersecurity."
Registration information for the April 3 public workshop is available at www.nist.gov/itl/csd/cybersecurity-framework-workshop.cfm.