This post was written by Timothy J. Nagle.
NIST published the “Preliminary Cybersecurity Framework,” comprised of a Core, a Profile, and Information Tiers, in October. Comments were due by December 13th, and many industries, sectors and organizations have provided input. There is general industry support for the purpose, content, and collaborative development of the Framework, but less certainty around its eventual effect and implementation. Also, while the Framework is a rigorous set of standards and methodologies that one would expect of NIST, there is a possibility that a focus on privacy principles may frustrate development of the Framework as it has with information sharing legislation.
Please click here to read the issued Client Alert.