[caops-wg] US Presidential Directive: NIST Cybersecurity Framework Request for Information

Sill, Alan alan.sill at ttu.edu
Wed Feb 13 13:05:33 EST 2013


Dear Jens, GFSG et al.,

Last night in the annual "State of the Union" address, the President of the US announced that he had directed the US Department of Commerce to initiate development of a new Cybersecurity Framework specifically focused on standards and best practices to guide industry in reducing cyber risks overall to networks and computers.

This announcement has been followed today by a corresponding one from the US National Institute of Standards and Technology (contained in the Dept. of Commerce) as linked below:

http://www.commerce.gov/news/press-releases/2013/02/13/national-institute-standards-and-technology-initiates-development-new

Within this announcement is a notification of the upcoming issuance of a Request for Information (RFI) as summarized below:

Summary:
Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President under the Executive Order "Improving Critical Infrastructure Cybersecurity" has directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure. The Framework will consist of standards, guidelines, and best practices to promote the protection of information and information systems supporting critical infrastructure operations. The prioritized, flexible, repeatable, and cost-effective approach of the framework will help owners and operators of critical infrastructure to manage cybersecurity-related risk while protecting business confidentiality, individual privacy and civil liberties.

A response from OGF summarizing OGF's technologies for security for large-scale production grid, cloud and distributed computing would not go amiss, and (given that NIST is an important part of the security standards landscape in the US and internationally) be a good place to highlight our OGF security technologies.  The RFI, attached, includes the question 

"What role(s) do or should national/international standards and organizations that develop national/international standards play in critical infrastructure cybersecurity conformity assessment?"


I believe it would be worthwhile for OGF as an organization to respond to this RFI.  Materials that we gather and submit to formulate as elements of this response could also be useful in other places within the OGF community and document development process.

It may also be useful for the IGTF to consider formulating a response.

Your thoughts on formulating an OGF response to the RFI would be appreciated.  While the due dates for response to the RFI are not yet set, the notification that is attached to this message does say that responses will be requested "within 45 days" of its issuance when it does come out.

Link:
http://www.nist.gov/itl/cyberframework.cfm

Alan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: NIST_rfi_02_12_13.pdf
Type: application/pdf
Size: 149503 bytes
Desc: NIST_rfi_02_12_13.pdf
URL: <http://www.ogf.org/pipermail/caops-wg/attachments/20130213/f3e4a6bb/attachment-0001.pdf>

