Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Proposed Update to the Framework for Improving Critical Infrastructure Cybersecurity
January 25, 2017

NIST requests comments on a proposed update to the Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). The voluntary Framework consists of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. The Framework was published on February 12, 2014, after a year-long, open process involving private and public sector organizations, including extensive input and public comments. It has been used with increasing frequency and in a variety of ways by organizations of all sizes, areas of interest, and based inside and outside the United States.

This Request for Comments (RFC) is meant to facilitate coordination with, “private sector personnel and entities, critical infrastructure owners and operators, and other relevant industry organizations” as directed by the Cybersecurity Enhancement Act of 2014. The proposed update to the Framework is available for review at http://www.nist.gov/​cyberframework. Responses to this RFC will be posted at http://www.nist.gov/​cyberframework and will inform NIST's planned update to the Framework.

Comments must be received by 5:00 p.m. Eastern time on April 10, 2017.

Federal Register Notice

Document Number: 2016-01599

Parent Project

See: Cybersecurity Framework
Created January 25, 2017