81 FR 7506 - Views on the Framework for Improving Critical Infrastructure Cybersecurity

DEPARTMENT OF COMMERCE
National Institute of Standards and Technology

Federal Register Volume 81, Issue 29 (February 12, 2016)

Page Range: 7506-7506
FR Document: 2016-02860

[Federal Register Volume 81, Number 29 (Friday, February 12, 2016)]
[Notices]
[Page 7506]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2016-02860]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket Number 151103999-6076-02]


Views on the Framework for Improving Critical Infrastructure 
Cybersecurity

AGENCY: National Institute of Standards and Technology, Commerce.

ACTION: Notice; extension of comment period.

-----------------------------------------------------------------------

SUMMARY: The National Institute of Standards and Technology (NIST) is 
extending the period for submitting comments relating to the 
``Framework for Improving Critical Infrastructure Cybersecurity'' (the 
``Framework'') through February 23, 2016. In a Request for Information 
(RFI) that published in the Federal Register on December 11, 2015 (80 
FR 76934), NIST requested information about the variety of ways in 
which the Framework is being used to improve cybersecurity risk 
management, how best practices for using the Framework are being 
shared, the relative value of different parts of the Framework, the 
possible need for an update of the Framework, and options for the
long-term governance of the Framework. NIST is extending the comment period
announced in the December 11, 2015 RFI from February 9, 2016 to 
February 23, 2016.

DATES: Comments must be received by 5:00 p.m. Eastern time on February 
23, 2016. Comments received after February 9, 2016 and before 
publication of this notice are deemed to be timely.

ADDRESSES: Written comments may be submitted by mail to Diane 
Honeycutt, National Institute of Standards and Technology, 100 Bureau 
Drive, Stop 8930, Gaithersburg, MD 20899. Online submissions in 
electronic form may be sent to cyberframework@nist.gov in any of the
following formats: HTML; ASCII; Word; RTF; or PDF. Please include your 
name and your organization's name (if any), and cite ``Views on the 
Framework for Improving Critical Infrastructure Cybersecurity'' in all 
correspondence. Comments containing references, studies, research, and 
other empirical data that are not widely published should include 
copies of the referenced materials. Please do not submit additional 
materials.
    All comments received in response to this RFI will be posted at 
http://www.nist.gov/cyberframework/cybersecurity-framework-rfi.cfm 
without change or redaction, so commenters should not include 
information they do not wish to be posted (e.g., personal or 
confidential business information).

FOR FURTHER INFORMATION CONTACT: For questions about this RFI contact: 
Diane Honeycutt, National Institute of Standards and Technology, 100 
Bureau Drive, Stop 8930, Gaithersburg, MD 20899 or 
cyberframework@nist.gov. Please direct media inquiries to NIST's Office
of Public Affairs at (301) 975-2762.

SUPPLEMENTARY INFORMATION: NIST is extending the comment period 
announced in the December 11, 2015 Request for Information (RFI) (80 FR 
76934) through February 23, 2016. NIST is authorized by the 
Cybersecurity Enhancement Act of 2014 \1\ to ``facilitate and support 
the development of a voluntary, consensus-based, industry-led set of 
standards, guidelines, best practices, methodologies, procedures, and 
processes to cost-effectively reduce cyber risks to critical 
infrastructure.'' \2\ Executive Order 13636, ``Improving Critical 
Infrastructure Cybersecurity'' \3\ tasked the Secretary of Commerce to 
direct the Director of NIST to lead the development of a framework to 
reduce cyber risks to critical infrastructure. A final version of 
Framework 1.0 was published on February 12, 2014, after a year-long, 
open process involving private and public sector organizations, 
including extensive industry input and public comments, and announced 
in the Federal Register (79 FR 9167) on February 18, 2014. On December 
11, 2015 NIST published a RFI in the Federal Register (80 FR 76934) 
seeking information about the variety of ways in which the Framework is 
being used to improve cybersecurity risk management, how best practices 
for using the Framework are being shared, the relative value of 
different parts of the Framework, the possible need for an update of 
the Framework, and options for the long-term governance of the 
Framework. NIST is extending the comment period announced in the 
December 11, 2015 RFI from February 9, 2016 to February 23, 2016 to 
allow comments to be submitted during a timeframe in which a variety of 
cybersecurity events are scheduled to occur.
---------------------------------------------------------------------------

    \1\ Public Law 113-274 (2014): http://www.thefederalregister.org/fdsys/pkg/PLAW-113publ274/pdf/PLAW-113publ274.pdf
    \2\ Id., codified in relevant part at 15 U.S.C. 272(c)(15). 
Congress's intent was to codify NIST's role in Executive Order No. 
13636: ``Title I would codify certain elements of Executive Order 
13636 by directing the National Institute of Standards and 
Technology (NIST) to develop a framework of voluntary standards 
designed to reduce risks arising from cyberattacks on critical 
infrastructure that is privately owned and operated.'' S. Rep. No. 
113-270, at 9 (2014).
    \3\ Exec. Order No. 13636, Improving Critical Infrastructure 
Cybersecurity, 78 FR 11739 (Feb. 19, 2013).

Kevin Kimball,
Chief of Staff.
[FR Doc. 2016-02860 Filed 2-11-16; 8:45 am]
 BILLING CODE 3510-13-P






Document Created: 2016-02-12 01:23:48
Document Modified: 2016-02-12 01:23:48
Category: Regulatory Information
Collection: Federal Register
sudoc Class: AE 2.7:
GS 4.107:
AE 2.106:
Publisher: Office of the Federal Register, National Archives and Records Administration
Section: Notices
Action: Notice; extension of comment period.
FR Citation: 81 FR 7506
