On October 22, 2013, the Executive Office of the President issued, in conjunction with Executive Order 18636, Improving Critical Infrastructure Cybersecurity, a Preliminary Cybersecurity Framework.
With all of the news following the Affordable Care website problems, I feel that this framework is not getting attention it deserves. If you are in the private sector, you need to make your voice heard by responding to the request for comments on this framework. Otherwise, this opportunity for government to communicate with the private sector will either fade away, or become controlled by others who don’t have your organization’s best wishes at heart.
This paper outlines what the framework is, who the intended audience is, what is positive about the framework, and suggestions on how to improve it. I recommend that you get a copy of the framework yourself, available at NIST or at http://paulmisner.com/framework.pdf , read it, and provide your input. The deadline for comments is 12/12/2013. (Updated 11/11/2013)