As part of its efforts to develop a voluntary framework to improve cybersecurity in the nation’s critical infrastructure and in response to a February 2013 executive order from President Barack Obama, the National Institute of Standards and Technology (NIST) has posted a draft outline of the document to invite public review and gather comments.
The executive order calling for NIST to develop the framework directs the agency to collaborate with the public and private sectors. The draft outline reflects input received in response to a February 2013 request for information, discussions at two workshops and other forms of stakeholder engagement.
The outline proposes a core structure for the framework and includes a user’s guide and an executive overview that describes the purpose, need and application of the framework in business. Reflecting received comments that emphasized the importance of executive involvement in managing cyber risks, the framework is designed to help business leaders evaluate how prepared their organizations are to deal with cyber threats and their impacts.
NIST also released a draft compendium of informative references composed of existing standards, practices and guidelines to reduce cyber risks to critical infrastructure industries. This material was released to foster discussion at upcoming workshops and to further encourage private-sector input before NIST publishes the official draft cybersecurity framework for public comment in October 2013.
The draft outline and other documents related to the cybersecurity framework are available at http://www.nist.gov/itl/cyberframework.cfm.