In order to get more feedback on the Framework for Improving Critical Infrastructure Cybersecurity, there will be a workshop Oct. 29 and 30 hosted by the Florida Center for Cybersecurity (FC2) at the University of South Florida in Tampa.
The purpose of the Cybersecurity Framework Workshop is to gather input to help the National Institute of Standards and Technology (NIST) understand stakeholder awareness of, and initial experiences with, the framework and related activities to support its use. The target audience is critical infrastructure owners and operators and cybersecurity staff, specifically those who have operational, managerial and policy experience and responsibilities for cybersecurity, technology and/or standards development for critical infrastructure companies.
The voluntary framework released this past February as directed by President Obama in Executive Order 13636, Improving Critical Infrastructure Cybersecurity. The framework consists of existing standards, guidelines and practices and provides guidance for reducing cybersecurity risk for organizations within the critical infrastructure, such as in the energy or banking industries. The framework was the result of a year-long process in which NIST served as a convener for industry, academia and government stakeholders.
Since the framework released, NIST has continued to reach out to stakeholders to raise awareness and encourage use of the framework and to collect feedback. These notes are in an update on the framework. The update summarizes progress in areas identified in the framework’s accompanying Roadmap as needing additional development — where the needs of critical infrastructure owners and operators extend beyond existing standards, guidelines and practices. NIST also just released a Cybersecurity Framework Reference Tool to help users navigate the framework.
In advance of the October meeting, NIST plans to issue a Request for Information to learn how companies and organizations are learning about and using the framework. NIST will seek input from individual critical infrastructure owners and operators of all sizes, as well as their representatives from sector and professional associations; federal agencies; state, local, territorial and tribal governments; standards development organizations; industry and consumer groups; and solution providers and other stakeholders.
Click here to register for the October workshop.