Cybersecurity frameworkRFI for cybersecurity framework for critical infrastructure

The National Institute of Standards and Technology (NIST) the other day issued a Request for Information (RFI) in the Federal Register as its first step in the process to develop a Cybersecurity Framework, a set of voluntary standards and best practices to guide industry in reducing cyber risks to the networks and computers that support critical infrastructure vital to the nation’s economy, security, and daily life.

Stakeholder meetings are also a part of the framework process, and the first such meeting will be held 3 April 2013 at the NIST headquarters in Gaithersburg, Maryland.

President Obama called for the framework to reduce cyber risks to critical infrastructure such as power plants and financial, transportation and communications systems, in his 12 February 2013 Executive Order on “Improving Critical Infrastructure Cybersecurity” (see the Executive Order here).

A NIST release reports that NIST requests ideas, recommendations, and other input from critical infrastructure owners and operators, federal agencies, state and local governments, standards-setting organizations, and other interested parties about current risk management practices; use of frameworks, standards, guidelines and best practices; specific industry practices and more. Specific questions are included in the RFI.

For more on information about the framework and the process NIST will use to develop the framework within a year, see the 13 February 2013 announcement on the Department of Commerce Web page or the NIST Cybersecurity Framework Web page.

The RFI on the new Cybersecurity Framework is available here.

Comments are due by 5 p.m. ET, Monday, 8 April 8 2013, and should be sent to cyberframework@nist.gov with the subject line: “Developing a Framework to Improve Critical Infrastructure Cybersecurity.”

See here for registration information for the 3 April public workshop.