On July 2, 2013 the National Institute of Standards and Technology (NIST) issued a preliminary draft outline of the Cybersecurity Framework being developed pursuant to the President’s February 2013 executive order that requires the NIST to develop the framework though a private-public partnership using a public process that invites input from companies, not-for-profit organizations, and governmental agencies.
The draft outline is five pages in length and outlines nine sections that the NIST will include in the Cybersecurity Framework. These sections include instructions on how to use the framework, a risk management approach, and illustrative examples. The framework is to be considered a guide rather than a detailed manual and is intended to assist an organization to align and integrate its cybersecurity polices with its overall risk management. The NIST has also published a compendium of informative references that includes standards, guidelines, and best practices. The listed standards relied on public input, and organizations are expected to selected select standards for their own use.
The NIST has hosted public workshops in Washington D.C. in early April and in Pittsburgh in late May. It will host a workshop in San Diego on July 10-12, 2013, where it will invite further input by stakeholders. The plenary sessions will be webcast live.