NIST requests comments on a proposed update to the Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). The voluntary Framework consists of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. The Framework was published on February 12, 2014, after a year-long, open process involving private and public sector organizations, including extensive input and public comments. It has been used with increasing frequency and in a variety of ways by organizations of all sizes, areas of interest, and based inside and outside the United States.

This Request for Comments (RFC) is meant to facilitate coordination with, “private sector personnel and entities, critical infrastructure owners and operators, and other relevant industry organizations” as directed by the Cybersecurity Enhancement Act of 2014. The proposed update to the Framework is available for review at http://www.nist.gov/​cyberframework. Responses to this RFC will be posted at http://www.nist.gov/​cyberframework and will inform NIST's planned update to the Framework.

Comments must be received by 5:00 p.m. Eastern time on April 10, 2017.