The National Institute of Standards and Technology (NIST) will hold a workshop on the Framework for Improving Critical Infrastructure Cybersecurity, Oct. 29 and 30, 2014, hosted by the Florida Center for Cybersecurity (FC2) located at the University of South Florida in Tampa.
The purpose of the Cybersecurity Framework Workshop is to gather input to help NIST understand stakeholder awareness of, and initial experiences with, the framework and related activities to support its use. The target audience is critical infrastructure owners and operators and cybersecurity staff, specifically those who have operational, managerial and policy experience and responsibilities for cybersecurity, technology and/or standards development for critical infrastructure companies.
The voluntary framework was released in February 2014 as directed by the President in Executive Order 13636, Improving Critical Infrastructure Cybersecurity. It is based on existing standards, guidelines and practices and provides guidance for reducing cybersecurity risk for organizations within the critical infrastructure, such as in the energy or banking industries. The framework was developed in a year-long process in which NIST served as a convener for industry, academia and government stakeholders.
Since the framework was released, NIST has continued to reach out to stakeholders to raise awareness and encourage use of the framework and to collect feedback. These activities are outlined in an update on the framework, released today. The update summarizes progress in areas identified in the framework's accompanying Roadmap as needing additional development—where the needs of critical infrastructure owners and operators extend beyond existing standards, guidelines and practices. NIST also recently released a Cybersecurity Framework Reference Tool to help users navigate the framework.
In advance of the October meeting, NIST plans to issue a Request for Information to learn how companies and organizations are learning about and using the framework. NIST will seek input from individual critical infrastructure owners and operators of all sizes, as well as their representatives from sector and professional associations; federal agencies; state, local, territorial and tribal governments; standards development organizations; industry and consumer groups; and solution providers and other stakeholders.
The framework was envisioned as a "living" document that would be continually improved based on feedback from users' experiences and updated as changes in standards, guidelines and technology require. Upcoming workshops,the RFI and feedback submitted to cyberframework [at] nist.gov (cyberframework[at]nist[dot]gov) will help inform future versions.
Register for the October workshop. (link removed because it is no longer active)