Skip to main content

Privacy Monday: October 28, 2103 -- NIST Cybersecurity "Framework" Published for Comment

Written by Jonathan Cain

The National Institute of Standards and Technology (NIST) has published its preliminary cybersecurity “Framework” that it was directed to develop in Executive Order 13636. The Executive Order requires that NIST develop and publish a cybersecurity Framework to protect national critical infrastructure through a “prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk.”

The preliminary Framework is the product of a series of workshops held throughout the U.S. since February and industry comments. Within the next few days, NIST will publish a Federal Register notice formally seeking comments on the preliminary Framework before publishing a final Framework document in February 2014.

An interesting point to take note:  the privacy issues appear to have become a much bigger part of the Framework than in prior discussions.   Read Mintz Levin's Privacy and Security client alert here for analysis, and stay tuned for further analysis during the comment period.

 

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.