ITI says it's seeing industry acceptance of NIST's Cybersecurity Framework
The Information Technology Industry Council (ITI) is “seeing the right trends illustrating that the marketplace is accepting” Version 1.0 of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, said Danielle Kriz, director-global cybersecurity policy, in a blog post…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
(http://bit.ly/1rpPQmz). ITI was one of several information and communications technology (ICT) sector participants that submitted comments to NIST on industry use of the framework, which the agency released in February (see 1410140173). Companies in the ICT sector “are having new conversations about cybersecurity risk management” and the market is responding with new products and services to manage cyber risks outside the sector, Kriz said. ITI said it is urging NIST to “pivot away from developing a framework or standard and focus its work on” on its Privacy Engineering Objectives and Risk Model, which is meant to address gaps in privacy-related technical best practices. “Such a resource would be useful to organizations seeking to improve how they build privacy into their information management structures,” Kriz said. ITI suggested NIST seek out additional comment on the Cybersecurity Framework in a year’s time.