NIST releases a third Cybersecurity Framework Request for Information (RFI), Views on the Framework for Improving Critical Infrastructure Cybersecurity, requesting information* about:

• the variety of ways in which the Framework is being used to improve cybersecurity risk management,
• how best practices for using the Framework are being shared,
• the relative value of different parts of the Framework,
• the possible need for an update of the Framework, and
• options for the long-term governance of the Framework.

See the RFI for a detailed set of questions. 

Responses will be posted at the Cybersecurity Framework RFI page, and will inform NIST’s planning and decision-making about how to further advance the Framework so that the Nation’s critical infrastructure is made more secure by enhancing its cybersecurity and risk management. This information will also assist in developing the agenda of a Framework workshop being planned for April 6-7, 2016 at NIST in Gaithersburg, Maryland. More specifics will be available at a later date. 

Comments are due by February 9, 2016, and may be sent to cyberframework@nist.gov with the Subject “Views on the Framework for Improving Critical Infrastructure Cybersecurity.” See the RFI for more comment submission details. 

Also see the full Federal Register Notice and the Cybersecurity Framework homepage. 

* This information is needed to carry out NIST's responsibilities under the Cybersecurity Enhancement Act of 2014 and Executive Order 13636.