NIST headquarters, Gaithersburg, Md. / NIST
The National Institutes of Standards and Technology will release the much-discussed voluntary cybersecurity framework Thursday, Feb. 12..
The agency released a preliminary plan in October that attracted more than 200 comments from federal agencies and businesses.
While there will be some changes to the draft, they will not be significant, NIST spokeswoman Jennifer Huergo said in January. Responses to the framework have been mixed.
“I think it’s very highly anticipated,” said Scott Montgomery, vice president and chief technology officer for the public sector at McAfee, an information security firm. If the final framework is seen as a way for people to “make their organizations better, without spending a ton of money,” Montgomery said, “I think it will be widely utilized, well received.”
Danielle Coffey, the vice president of government affairs at the Telecommunications Industry Association, wrote in a letter to NIST Dec. 13 that the agency must make sure the framework does not become a de factor regulation as agencies work on overhauling their own cybersecurity standards.
NIST should also provide better guidance on the scope of the framework and on how companies should work to achieve it, the letter said.