Executive Branch Activity

NIST Cybersecurity Framework

Stakeholders have until Friday, December 13 to submit comments on the National Institute of Standards and Technology (NIST) draft Cybersecurity Framework that was released in October. As required by the President’s Executive Order (EO) on cybersecurity released in February 2013, NIST will incorporate these comments in the final version of the Cybersecurity Framework that will be released in February 2014.

The U.S. Department of Homeland Security (DHS) is also working with stakeholders to determine the process for critical infrastructure owners and operators that choose to adopt the Cybersecurity Framework. At a workshop last week, DHS noted that it plans to issue guidance to assist companies that are interested in participating in its voluntary Cybersecurity Framework adoption program.

Information Security and Privacy Advisory Board Meeting

On December 19 and 20, NIST’s Information Security and Privacy Advisory Board will hold a meeting to discuss the President’s cybersecurity EO and incentives for critical infrastructure owners and operators to adopt improved cybersecurity practices. The federal board advises the Secretary of Commerce, the Director of the Office of Management and Budget (OMB) and the Director of NIST on a number of issues, including the ongoing development of the Cybersecurity Framework.

OMB Continuous Monitoring Memo

On November 18, OMB released a memo detailing the deadlines that federal agencies must meet to establish information security continuous monitoring (ISCM) regimes in order to enhance the federal government’s ability to identify and respond to emerging cyber threats. All agencies are required to submit their ISCM strategies to OMB by February 28, 2014 but are not required to implement them until 2017.