
EDUCAUSE Submits Comments to NIST on Cybersecurity Framework

EDUCAUSE submitted comments on behalf of the Higher Education Information Security Council (HEISC) to address several questions raised by a NIST Request for Information concerning standards, guidelines, or best practices that promote the protection of information and information systems.  You can also review all of the comments received.  The Request For Information (RFI) issued by the National Institute for Standards and Technology (NIST) was directed by the President under the Executive Order “Improving Critical Infrastructure Cybersecurity”.  NIST is working with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure.  The RFI, initial workshop, and a subsequent workshop to be held at Carnegie Mellon University are early steps in collecting information and engaging the private sector.

While colleges and universities are not deemed "critical infrastructure", HEISC participated because of the interdependencies with other owners and operators of critical infrastructures and the relevance of existing standards such as ISO 27002 and NIST 800-53.  In fact, the HEISC Information Security Guide is organized according to the ISO standard with cross-references to NIST, COBIT, and PCI DSS.  Additionally, the RFI explains:

While the Framework will be focused on critical infrastructure, given the broad diversity of sectors that may include parts of critical infrastructure, the evolving nature of the classification of critical infrastructure based on risk, and the intention to involve a broad set of stakeholders in development of the Framework, the RFI will generally use the broader term "organizations" when seeking information.

The goals of the Framework development process will be:

  1. to identify existing cybersecurity standards, guidelines, frameworks, and best practices that are applicable to increase the security of critical infrastructure sectors and other interested entities;
  2. to specify high-priority gaps for which new or revised standards are needed; and
  3. to collaboratively develop action plans by which these gaps can be addressed.


Within eight months NIST intends to publish for additional comment a draft Framework that clearly outlines areas of focus and provides preliminary lists of standards, guidelines, and best practices that fall within that outline.  The draft will also include initial conclusions for additional public comment.


