President Obama tasked NIST to develop a Cybersecurity Framework “to reduce cyber risks to critical infrastructure (the “Cybersecurity Framework”). The Cybersecurity Framework shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. The Cybersecurity Framework shall incorporate voluntary consensus standards and industry best practices to the fullest extent possible.”
After five workshops and a lot of expedited work the Preliminary Cybersecurity Framework is out, and NIST is requesting comments through December 13th.
In this edition of the Unsolicited Response Podcast I talk with Jack Whitsitt of EnergySec. Jack attended all Cybersecurity Framework workshops and was actively involved in providing input and comments in a variety of formats. He also is a very unique and creative thinker.
I talk with Jack about the good and bad about the process of creating the framework and the end result, as well as what to expect in the use of the framework and further development of the framework.