As part of its efforts to develop a voluntary framework to improve cybersecurity in the nation's critical infrastructure, the National Institute of Standards and Technology (NIST) has posted a draft outline of the document to invite public review and gather comments.
The Executive Order calling for NIST to develop the framework directs the agency to collaborate with the public and private sectors. The draft outline reflects input received in response to a February 2013 Request for Information, discussions at two workshops and other forms of stakeholder engagement.
The framework so far is useless, but their approach is good. It will be risk-based and leverage existing standards. This is music to my ears.
The draft outline and other documents related to the Cybersecurity Framework are available at http://www.nist.gov/itl/cyberframework.cfm.
The most informative part of this announcement is their presentations:
The below presentation shows the process by which NIST will work with stakeholders to develop the Initial Framework.
So, there isn't anything to look at today. But it is a good chance to remind them of their own good work.
Cybersecurity Framework Development Overview
Update on Development of the Cybersecurity Framework (June 18, 2013)
- How to apply Risk Assessment to get your Security and Privacy and Security requirements
- FYI: NIST: Revision of SP 800-53 Addresses Current Cybersecurity Threats, Adds Privacy Controls
- Privacy and Security in Designing an mHealth Application
- FW: NIST - Safeguarding Health Information: Building Assurance through HIPAA Security
- HHS/ONC - Mobile Devices Roundtable: Safeguarding Health Information
- Level setting on Level of Assurance