Main Nav

NIST Posts Initial Analysis of Comments on Cybersecurity Framework

The National Institute of Standards and Technology (NIST) announced that it has prepared an initial analysis of hundreds of comments submitted by industry and the public related to the President's "Improving Critical Infrastructure Cybersecurity" Executive Order issued in February.  NIST is making the initial analysis available as a status update and to provide background for a workshop later this month to discuss the Cybersecurity Framework.  The workshop will be held at Carnegie Mellon University on May 29-31, 2013.  

EDUCAUSE submitted comments to the 33 questions in the Request for Information.  While supporting the proposition that a modern cybersecurity framework of standards, guidelines, and best practices would be helpful for the higher education community, EDUCAUSE warned that the diversity of size and type of higher education institutions will require flexibility for how a framework designed for critical infrastructures might be applied to the non-profit, educational sector.  Additionally, the resulting framework must be easy to adopt and not overly complex for higher education institutions to embrace it.

The EDUCAUSE comments are also supported in the initial analysis that sets forth some Principles - characteristics and considerations that the Framework must embrace:

  • Flexibility - the framework can be applied across multiple sectors and across the diverse group of stakeholders
  • Impact on Global Operations - impacts of the framework on global and international operations
  • Risk Management Approaches - the framework should encourage the use of risk-based approaches rather than compliance-based approaches
  • Leveraging Existing Approaches, Standards, and Best Practices - the framework should leverage existing risk management approaches, standards, and best practices.  Owners/operators should not have to manage overlapping or duplicative approaches, dual standards and conflicting requirements.

A new Request for Comment is expected in the Fall after NIST takes into account all that it learns from the comments and the workshops.

 

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.