The National Institute of Standards and Technology (NIST) on Friday posted on its website a preview version of a Request for Information (RFI) to seek public feedback on a voluntary cyber security best practices and standards framework that it released in February.
NIST said the goal of the RFI, which will also be announced soon in the Federal Register, is to obtain an “understanding of organizations’ awareness of and experiences with the” Cybersecurity Framework. The agency, part of the Commerce Department, also said that it is “especially interested in comments that will help to determine the framework’s usefulness and applicability throughout industry.”
“We’ve seen organizations approach the framework in different ways,” Adam Sedgwick, senior policy analyst for NIST, said in a statement. “Some are using it to start conversations within their organizations or across their sectors, others to create detailed cyber risk management plans. We want to hear from all stakeholders to understand how they’ve used the framework, how it’s been helpful, and where challenges may lie.”
Development of the first version of the Cybersecurity Framework was overseen by NIST in partnership with private sector participants, in particular owners and operators of the nation’s critical infrastructures. At the time of the framework’s release, NIST also issued a roadmap that outlines future areas that should be addressed to improve the framework.
Since the release of the framework, NIST has been working with various industry groups, associations, government agencies, and international standards bodies to improve awareness of the guidance document while also promoting its use as a tool for managing and reducing cyber security risks.
NIST said that responses to the RFI will impact how it helps organizations use the framework. A workshop to discuss the framework will be held in late October in Tampa, Fla.