Internet Security Alliance (ISA) Joint Comments with American Gas Association (AGA), Utilities Telecom Council (UTC), Edison Electric Institute (EEI), Association of American Railroads (AAR), and CompTIA to the National Institute of Standards and Technology on “Framework for Improving Critical Infrastructure Cybersecurity”

February 19, 2016

We want to thank NIST both for the opportunity to respond to the Request for Information and the ongoing excellent work that NIST provides in working with the private sector to improve the nation’s cyber security. The initial NIST Framework for cyber security has not only proven to be a useful tool in enhancing the nation’s preparedness and resilience, but the process NIST employed in developing the Framework is a model for partnerships between government and industry.

Since the release of the Framework in February 2014 we have heard numerous accounts of organizations using and adapting the Framework to enhance their management of cyber risk and improve information sharing and communications processes across business structures and functions. In addition, other closely aligned tools such as the Department of Energy’s C2M2 have been aligned with the Framework and have greatly benefitted particular critical infrastructure sectors.

While we view the development of the NIST Framework as a significant, and worldleading, step toward a sustainably secure cyber system, we agree that our work together on this topic is far from complete. We therefore welcome your initiative in launching the RFI to advance the effort. (Click the link to read the whole filing)

| Downloadable Copy (PDF)