After a slight delay due to the government shutdown, the National Institute of Standards and Technology (NIST) has released a draft cybersecurity framework that sets voluntary standards and guidelines. As you may recall, this framework was required under the President’s “Executive Order on Cybersecurity” that Obama issued in February 2013. The framework is the result of four different workshops that were held around the country in which NIST consulted with industry and government. CompTIA was happy to be a participant in this process. Moving forward, the public has 45 days to submit comments to the agency, which we plan to do, and there will be a fifth workshop in November in North Carolina.
We are in the process of reviewing the framework and will keep you posted on our formal comments. However, we are on the lookout to ensure that the framework will be adaptable by both large businesses as well as small- and medium-sized ones. Additionally, we were pleased to see a reference to the cyber-workforce that will be required to keep companies secure. We raised this as an issue to be considered at the conference in Dallas and will continue to work with NIST on this important component to our nation’s cybersecurity.
To see the draft framework, please click here. We encourage you to share your thoughts with us on the framework and we would be happy to include them in our formal comments to NIST.
