On February 12, 2013, President Obama issued Executive Order 13636, which directed federal agencies to undertake a broad range of tasks aimed at enhancing the security and resilience of the nation’s critical infrastructure.  One task directed the National Institute of Standards and Technology (“NIST”) to establish a technology-neutral, voluntary, risk-based cybersecurity framework. A year later, on February 12, 2014, NIST released its Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0.  The Framework includes standards and processes that are intended to align policy, business, and technological approaches to addressing cybersecurity risks.

Since issuing the Framework, NIST has focused on raising awareness of the Framework and how it can be used to manage cyber risks.  Now, NIST is seeking a better understanding of how companies and organizations are using the Framework and what aspects of the Framework have been “helpful or challenging.”  Consequently, NIST has issued an RFI seeking information in three areas: (1) current awareness of the Framework; (2) early implementation experiences for those organizations utilizing the Framework; and (3) input on the utility of the Roadmap included within the Framework.  A series of suggested questions is included within each category; however, respondents are free to comment beyond the questions.

NIST intends to use the responses it receives to:

  • inform its approach to possible tools and resources that could be used to assist organizations in the efficient and effective use of the Framework;
  • inform subsequent versions of the Framework;
  • develop the agenda for an October 2014 workshop on the Framework; and
  • shape the Department of Homeland Security Critical Infrastructure Cyber Community C³ Voluntary Program.

Comments to NIST are due October 10, 2014.

 

 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Susan B. Cassidy Susan B. Cassidy

Ms. Cassidy represents clients in the defense, intelligence, and information technologies sectors.  She works with clients to navigate the complex rules and regulations that govern federal procurement and her practice includes both counseling and litigation components.  Ms. Cassidy conducts internal investigations for government…

Ms. Cassidy represents clients in the defense, intelligence, and information technologies sectors.  She works with clients to navigate the complex rules and regulations that govern federal procurement and her practice includes both counseling and litigation components.  Ms. Cassidy conducts internal investigations for government contractors and represents her clients before the Defense Contract Audit Agency (DCAA), Inspectors General (IG), and the Department of Justice with regard to those investigations.  From 2008 to 2012, Ms. Cassidy served as in-house counsel at Northrop Grumman Corporation, one of the world’s largest defense contractors, supporting both defense and intelligence programs. Previously, Ms. Cassidy held an in-house position with Motorola Inc., leading a team of lawyers supporting sales of commercial communications products and services to US government defense and civilian agencies. Prior to going in-house, Ms. Cassidy was a litigation and government contracts partner in an international law firm headquartered in Washington, DC.