Main Nav

NIST Posts Initial Analysis of Comments on Cybersecurity Framework

The National Institute of Standards and Technology (NIST) announced that it has prepared an initial analysis of hundreds of comments submitted by industry and the public related to the President's "Improving Critical Infrastructure Cybersecurity" Executive Order issued in February.  NIST is making the initial analysis available as a status update and to provide background for a workshop later this month to discuss the Cybersecurity Framework.  The workshop will be held at Carnegie Mellon University on May 29-31, 2013.  

EDUCAUSE submitted comments to the 33 questions in the Request for Information.  While supporting the proposition that a modern cybersecurity framework of standards, guidelines, and best practices would be helpful for the higher education community, EDUCAUSE warned that the diversity of size and type of higher education institutions will require flexibility for how a framework designed for critical infrastructures might be applied to the non-profit, educational sector.  Additionally, the resulting framework must be easy to adopt and not overly complex for higher education institutions to embrace it.

The EDUCAUSE comments are also supported in the initial analysis that sets forth some Principles - characteristics and considerations that the Framework must embrace:

  • Flexibility - the framework can be applied across multiple sectors and across the diverse group of stakeholders
  • Impact on Global Operations - impacts of the framework on global and international operations
  • Risk Management Approaches - the framework should encourage the use of risk-based approaches rather than compliance-based approaches
  • Leveraging Existing Approaches, Standards, and Best Practices - the framework should leverage existing risk management approaches, standards, and best practices.  Owners/operators should not have to manage overlapping or duplicative approaches, dual standards and conflicting requirements.

A new Request for Comment is expected in the Fall after NIST takes into account all that it learns from the comments and the workshops.



Annual Conference
September 29–October 2
View Proceedings

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.


Digital Badges
Member recognition effort
Earn yours >

Career Center

Leadership and Management Programs

EDUCAUSE Institute
Project Management



Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.


EDUCAUSE organizes its efforts around three IT Focus Areas



Join These Programs If Your Focus Is


Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.



2015 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations

Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.