Cyber security standards office seeks feedback on infrastructure improvementsReprints
A comment period on the National Institute of Standards and Technology's voluntary framework for improving critical cyber security infrastructure began Friday.
The framework issued in February 2014 by Gaithersburg, Maryland-based NIST in response to a 2013 executive order, consists of standards, guidelines and practices designed to help organizations address cyber risks by aligning policy, business and technological services. Experts have praised it as a flexible guide that is not unduly specific.
In its request for information, NIST asks questions including how the framework is being used to improve cyber security risk management; how best practices for using it are being shared; and the relative value of different parts of the framework.
The comment period closes Feb. 9.
Responses, which will be posted publicly, will inform NIST's planning and decision-making for how to further advance the framework, NIST said Wednesday in a statement.
“The process to develop the framework brought together both private and public-sector organizations and resulted in a document that is being used by a wide variety of organizations,” Adam Sedgewick, NIST senior information technology policy adviser, said in the statement. “We're looking forward to receiving feedback on specific questions about its use and how it might be improved.”
Forms for providing comment are available on NIST'S website.