NIST Solicits Industry for Voluntary Security Standards
February 28, 2013
The National Institute of Standards and Technology (NIST) is laying the groundwork for the administration’s voluntary cybersecurity program, geared toward critical infrastructure companies.
On Tuesday, NIST released a request for information asking industry about their internal cybersecurity measures, best practices for their sector, and what standards and guidelines shaped those practices.
Under the president’s cybersecurity executive order released this month, industry will create the voluntary security standards for critical infrastructure companies, with oversight from NIST. The agency will publish a draft cybersecurity framework by October that includes those standards and work with the Department of Homeland Security to publish a final version of the framework within a year.
“The [request for information] presents our initial consideration of what we think needs to be in the framework,” Adam Sedgewick, NIST’s lead on the cyber framework, said in an interview at the RSA Conference. Sedgewick said the process for developing the framework will be similar to NIST’s work in collecting standards to create a security framework for the smart grid.