The National Institute of Standards and Technology (NIST) this week released a Request for Information (RFI) to solicit ideas for voluntary standards and best practices that owners and operators of critical infrastructures could use to protect their networks and computers from cyber attacks.
The RFI will be used by NIST to help it develop a Cybersecurity Framework in the coming months that will provide the security standards and best practices that critical infrastructure owners can opt to adopt, or not. The development of the framework was directed by President Barack Obama last month as part of an Executive Order meant to begin to close cyber vulnerability gaps in the nation’s critical industries through improved information sharing and the use of best practices (Defense Daily, Feb. 13 and Feb. 14).
The RFI is part of an iterative process that NIST will use along with workshops to engage industry and other stakeholders in creating the Cybersecurity Framework. “The framework will consist of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks,” according to the RFI.
Responses to the RFI are due by April 8.