NISTIR 8170 (DRAFT) provides guidance on how the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) can be used in the U.S. Federal Government in conjunction with the current and planned suite of NIST security and privacy risk management publications. The specific guidance was derived from current Cybersecurity Framework use. To provide federal agencies with examples of how the Cybersecurity Framework can augment the current versions of NIST security and privacy risk management publications, this guidance uses common federal information security vocabulary and processes.
NIST will engage with agencies to add content based on agency implementation, refine current guidance and identify additional guidance to provide the information that is most helpful to agencies. Feedback will also help to determine which Cybersecurity Framework concepts are incorporated into future versions of the suite of NIST security and privacy risk management publications. NIST would like feedback that addresses the following questions:
Comments are due June 30, 2017, and may be submitted to nistir8170@nist.gov.