On August 28, 2013, the Obama Administration issued several documents relating to the Cybersecurity Framework that the President called for in Executive Order 13636: Improving Critical Infrastructure Cybersecurity. The documents include:

The Administration issued these documents in anticipation of receiving comments from reviewers before and during the Fourth Cybersecurity Framework workshop, which will take place on September 11 – 13, 2013 at the University of Texas at Dallas. Specifically, the Administration is seeking input regarding the following questions:

How can the Preliminary Framework:

  • Adequately define outcomes that strengthen cybersecurity and support business objectives?
  • Enable cost-effective implementation?
  • Appropriately integrate cybersecurity risk into business risk?
  • Provide the tools for senior executives and boards of directors to understand risk and mitigations at the appropriate level of detail?
  • Provide sufficient guidance and resources to aid businesses of all sizes while maintaining flexibility?

Will the Discussion Draft:

  • Be inclusive of, and not disruptive to, effective cybersecurity practices in use today?
  • Enable organizations to incorporate threat information?

Is the Discussion Draft:

  • Presented at the right level of specificity?
  • Sufficiently addressing unique privacy and civil liberties needs for critical infrastructure?