Digital Version of November/December 2014 Print Edition
NIST formally asks for Cyber security ideas
The National Institute of Standards and Technology (NIST) formally issued a Request for Information (RFI) on developing voluntary industry standards to protect against Cyber attacks and intrusions.
NIST issued the RFI in the Federal Register on Feb. 26, marking its first step in a year-long process that will develop a Cyber security framework, mandated by president Obama’s Executive Order on Cyber security. The president issued the order on Feb. 12 aiming to protect critical infrastructure such as power plants and financial, transportation and communications systems. Congress is also pushing for legislation that would extend more protections, but those rules are still being hammered out.
The president’s framework will set voluntary standards and best practices to guide critical infrastructure and other industries in reducing cyber risks to vital networks and computers.
NIST has also set its first public meeting and workshop on the issue at its Gaithersburg, MD, headquarters on April 3.
In its formal announcement, NIST requested ideas, recommendations and other input from critical infrastructure owners and operators, federal agencies, state and local governments, standards-setting organizations, and other interested parties about current risk management practices; use of frameworks, standards, guidelines and best practices; specific industry practices and more. Specific questions are included in the RFI.
NIST said comments are due by 5 p.m., April 8, and should be sent to firstname.lastname@example.org with the subject line: "Developing a Framework to Improve Critical Infrastructure Cybersecurity."