Major Changes to NIST Cybersecurity Framework Unlikely in 'Near Future,' White House Official Says

Wednesday. NIST is holding the workshop to collect stakeholders' input on their use of the framework since its release in February so the agency can make tweaks. “We feel that the framework is an excellent product” that currently requires only minor updates, Schwartz said. Information and communications technology sector stakeholders have said in comments to NIST that it’s still too early to fully evaluate the framework because the sector is still working to adapt the framework for sector-wide use (see 1410140173). AT&T Assistant Vice President-Global Public Policy Chris Boyer cautioned NIST during the workshop “not to rush too quickly” to make major changes to the framework. The Version 1.0 framework still needs time to “ferment,” particularly given ongoing work within the FCC’s Communications Security, Reliability and Interoperability Council (CSRIC) Working Group 4 to adapt the framework for the communications sector, Boyer said. AT&T was an early adopter of the NIST framework and is an active participant in CSRIC Working Group 4’s efforts, Boyer said. The telco is “optimistic” that the FCC’s overall efforts on cybersecurity “are turning in the right direction,” he said. CSRIC Working Group 4 remains on track to release a final report and recommendations on communications sector use of the NIST framework in March (see 1409240046).