Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Request for Information on the Cybersecurity Framework
December 11, 2015

NIST releases a third Cybersecurity Framework Request for Information (RFI), Views on the Framework for Improving Critical Infrastructure Cybersecurity, requesting information* about:

  • the variety of ways in which the Framework is being used to improve cybersecurity risk management,
  • how best practices for using the Framework are being shared,
  • the relative value of different parts of the Framework,
  • the possible need for an update of the Framework, and
  • options for the long-term governance of the Framework.

See the RFI for a detailed set of questions

Responses will be posted at the Cybersecurity Framework RFI page, and will inform NIST’s planning and decision-making about how to further advance the Framework so that the Nation’s critical infrastructure is made more secure by enhancing its cybersecurity and risk management. This information will also assist in developing the agenda of a Framework workshop being planned for April 6-7, 2016 at NIST in Gaithersburg, Maryland. More specifics will be available at a later date. 

Comments are due by February 9, 2016, and may be sent to with the Subject “Views on the Framework for Improving Critical Infrastructure Cybersecurity.” See the RFI for more comment submission details

Also see the full Federal Register Notice and the Cybersecurity Framework homepage

* This information is needed to carry out NIST's responsibilities under the Cybersecurity Enhancement Act of 2014 and Executive Order 13636.

Parent Project

See: Cybersecurity Framework
Created December 21, 2016, Updated September 22, 2017