Background - NIST Responsibilities
NIST will develop the Framework in a manner that is consistent with
its mission to promote U.S. innovation and industrial competitiveness.
The Framework will be developed by ongoing engagement with, and input
from, stakeholders in government, industry, and academia, including an
open public review and comment process, workshops and other means of
engagement.
To develop the Framework, NIST will use a Request for Information
(RFI) and ongoing stakeholder engagement to: (i) identify existing
cybersecurity standards, guidelines, frameworks, and best practices that
are applicable to increase the security of critical infrastructure
sectors and other interested entities; (ii) specify high-priority gaps
for which new or revised standards are needed; and (iii) collaboratively
develop action plans by which these gaps can be addressed.
The Framework will seek to promote the wide adoption of practices to
increase cybersecurity across all sectors and industry types. It will
seek to provide owners and operators a flexible, repeatable and cost
effective risk-based approach to implementing security practices while
allowing organizations to express requirements to multiple authorities
and regulators.
The below presentation shows the process by which NIST will work with stakeholders to develop the Initial Framework.
Cybersecurity Framework Development Overview
Update on Development of the Cybersecurity Framework (June 18, 2013)
Events:
Throughout the development of the Framework, NIST will host a series
of events and workshops to gather additional input and develop the
Framework. Look here for an updated schedule of events.
RFI
NIST has issued a Request for Information (RFI) in the
Federal Register to gather initial information on the many interrelated
considerations, challenges, and efforts needed to develop the Framework.
RFI
If you have any questions, please contact NIST at cyberframework@nist.gov.
RFI Supporting Materials:
RFI - Framework for Reducing Cyber Risks to Critical Infrastructure
RFI Comments
Initial Analysis Cybersecurity Framework RFI Responses
NOI
The Department of Commerce has issued a Notice of Inquiry (NOI)
in the Federal Register to gather comments from the private sector on a
broad set of incentives that could help to promote the adoption of
proven efforts to address cybersecurity vulnerabilities.
If you have any questions, please email cyberincentives@ntia.doc.gov.
The Framework
As responses come in to the Request for Information, they will be
publicly posted here to encourage wide review and public engagement.
Contact Us
For further information and/or questions about the Cybersecurity Framework, contact us at: cyberframework@nist.gov