NIST requests information about the level of awareness throughout critical infrastructure organizations, and initial experiences with the Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). As directed by Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” (the “Executive Order”), the Framework consists of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. The Framework was released on February 12, 2014, after a year-long, open process involving private and public sector organizations, including extensive input and public comments.
Responses to this RFI—which will be posted at https://www.nist.gov/cyberframework/additional-information/rfis—will inform NIST's planning and decision-making about possible tools and resources to help organizations to use the Framework more effectively and efficiently. They will also help inform future versions of the Framework. The responses will also inform the Department of Homeland Security's Critical Infrastructure Cyber Community C3 Voluntary Program. In addition, NIST is interested in receiving comments related to the Roadmap that accompanied publication of the Framework. All information provided will also assist in developing the agenda for a workshop on the Framework being planned for October 2014.