NIST’s initial steps towards implementing the Executive Order included issuing a Request for Information (RFI) in February 2013 to gather relevant input from industry and other stakeholders, and to encourage stakeholder participation in the Cybersecurity Framework development process. RFI responses ranged from individuals to large corporations and trade associations; from a few sentences on particular topics to comprehensive responses that exceeded 100 pages. All RFI responses were posted on NIST’s website.
This document represents NIST's initial analysis of the RFI responses. Its purpose is to describe the methodology that NIST used to perform the initial analysis of the submitted responses, and to identify and describe the Cybersecurity Framework themes that emerged as a part of the initial analysis. This initial analysis will serve as the basis for additional discussion and study at the Cybersecurity Framework Workshop #2 to be hosted at Carnegie Mellon University in Pittsburgh on May 29-31, 2013. In preparation for this workshop, we ask that all participants review the RFI submissions and this initial analysis.