Main Nav

NIST Posts Initial Analysis of Comments on Cybersecurity Framework

The National Institute of Standards and Technology (NIST) announced that it has prepared an initial analysis of hundreds of comments submitted by industry and the public related to the President's "Improving Critical Infrastructure Cybersecurity" Executive Order issued in February.  NIST is making the initial analysis available as a status update and to provide background for a workshop later this month to discuss the Cybersecurity Framework.  The workshop will be held at Carnegie Mellon University on May 29-31, 2013.  

EDUCAUSE submitted comments to the 33 questions in the Request for Information.  While supporting the proposition that a modern cybersecurity framework of standards, guidelines, and best practices would be helpful for the higher education community, EDUCAUSE warned that the diversity of size and type of higher education institutions will require flexibility for how a framework designed for critical infrastructures might be applied to the non-profit, educational sector.  Additionally, the resulting framework must be easy to adopt and not overly complex for higher education institutions to embrace it.

The EDUCAUSE comments are also supported in the initial analysis that sets forth some Principles - characteristics and considerations that the Framework must embrace:

  • Flexibility - the framework can be applied across multiple sectors and across the diverse group of stakeholders
  • Impact on Global Operations - impacts of the framework on global and international operations
  • Risk Management Approaches - the framework should encourage the use of risk-based approaches rather than compliance-based approaches
  • Leveraging Existing Approaches, Standards, and Best Practices - the framework should leverage existing risk management approaches, standards, and best practices.  Owners/operators should not have to manage overlapping or duplicative approaches, dual standards and conflicting requirements.

A new Request for Comment is expected in the Fall after NIST takes into account all that it learns from the comments and the workshops.

 

Posted by Rodney on May 21, 2013

Tags from the EDUCAUSE Library

Research and Publications

Conferences and Events

Career Development

Focus Areas and Initiatives

Connect and Contribute

About EDUCAUSE

Close


Current Issue
May/June 2013
EDUCAUSE Review

Publications

Research

Close


Annual Conference
October 15–18, 2013
Register now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

See All Events

Close

EDUCAUSE Institute
Leadership/Management Programs
Explore More

Career Center

Find or Post a Job

Leadership and Management Programs

EDUCAUSE Institute
Advanced Programs
Project Management

 

Fellowships and Awards

Fellowships
Awards Programs

Getting Involved

Mentoring
Volunteer
Speak at an Event

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

Advance Your Career

 

Close

Latest Topics

EDUCAUSE organizes its efforts around three IT Focus Areas

 

Enterprise and Infrastructure

Enterprise and
Infrastructure

Policy and Security

Policy and
Security

Teaching and Learning

Teaching and
Learning

 

Join These Programs If Your Focus Is

Close

From the Blogs
Grit
by
Diana Oblinger

Find Others

Share Ideas

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

Create Your Profile

 

Close

2013 Strategic Priorities

  • Connected Learning
  • Enterprise IT
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.
 

Discover Membership