The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) released its Preliminary Cybersecurity Framework on October 22. Required by White House Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” the Framework is a set of practices that critical infrastructure owners can implement to reduce their cyber security risks.
The final Framework is due in February 2014; it is not expected to differ much from the preliminary version. The Executive Order also directs EPA and other federal agencies to work with their sectors to develop sector-specific guidance to help industry implement it. Implementation of the Framework by critical infrastructure owners and operators will be voluntary, but the Executive Order directs federal agencies, including EPA, to press industry to adopt it.
NIST will seek public comment on the Preliminary Framework for 45 days after it is published in the Federal Register. NIST will also hold a workshop to discuss the Preliminary Framework on November 14 and 15 at North Carolina State University.