Cybersecurity framework could be mandatory for some companies

Editor’s Note:  Mr. Perera is correct.  Many companies should not consider either the Executive Order or the Presidential Policy Directive to be voluntary.  Instead, cyber security is an example of Regulation by Execuitve Order

From: FierceGovernmentIT

By

Adoption of the cybersecurity framework called for by an executive order on  cybersecurity signed by President Obama on Feb. 12 might not be voluntary for companies regulated by federal agencies with authority to require adoption–specifically those “agencies with responsibility for regulating the security of critical  infrastructure,” the executive order says.

Whether those regulatory agencies have authority to mandate adoption will be the subject of a 90 day review to occur after publication of the draft  framework, which is set to occur in October. Should the review determine current authority doesn’t exist, section 10 of the executive order directs those agencies to propose within 90 days of the framework’s final publication new regulations that allow them to “mitigate cyber risk.”

“Adoption of the framework will be voluntary for companies that do not fall under a regulatory agency with the authority to adopt the framework into its rules or if the regulatory agency determines that regulation is not necessary,” the White House said in response to an inquiry.

Read Complete Article

 

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published.

Please Answer: *