This October, after months of workshops and meetings all over the country, the National Institute of Standards and Technology (NIST) released a preliminary framework for voluntary cybersecurity standards for owners and operators of critical infrastructure. As you may recall, this framework was created following an executive order from President Obama in February 2012. A link to the preliminary framework can be found here.
NIST has been a forthright and open leader in this process and in that vein has asked for comments from all industry parties on the preliminary framework. The goal is for NIST to review the comments and produce a final framework sometime in February 2014.
CompTIA has filed formal comments with NIST, which can be found here. In summary, our comments were focused on two main concerns: the ease with which small- and medium-sized businesses can implement the framework, and the cyber-workforce that will be needed universally to support the framework within organizations of all sizes. I hope you will take some time to review the comments in greater detail.
We will keep you posted as this process continues over the next few months. As always, please do not hesitate to contact us at [email protected] if you have any feedback on the framework.