While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The National Institute of Standards and Technology wants to know whether companies that operate the nation’s most critical infrastructure are aware of the cybersecurity framework released in February and what impact the framework is having on their security environment.
In a request for information released Aug. 26, NIST outlined several questions aimed at gauging the use and effectiveness of its collaborative work with industry to develop best practices and voluntary standards for detecting, preventing, responding to and recovering from a cyberattack.
The framework is primarily intended for organizations that control the nation’s most critical systems, such as transportation and water. Attacks on such organizations or the infrastructure they manage could result in great economic damage or loss of life. But any company or government agency can adapt the framework to fit its needs.
Collaboration has been a major theme throughout the development of the cybersecurity framework, and the RFI is an extension of NIST’s ongoing partnership with industry and the public to consider and incorporate their feedback. Comments are due by Oct. 10.
Here are some of the questions included in the RFI:
NIST also wants feedback on whether there is awareness of the framework internationally, given the connected nature of digital assets globally. But the government may never know how broadly the framework is being used because companies don’t have to report if and how they are using it, Federal Times reported earlier this year.
RFI responses will be published online and “will inform NIST's planning and decision-making about possible tools and resources to help organizations to use the framework more effectively and efficiently,” according to NIST. The feedback will also inform development of future versions of the framework and the Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program.
NIST plans to host a workshop on the framework in October.