Editor’s Note: The comments on NIST’s Request for Information (RFI) on the Cybersecurity Framework prepared by the Center for Regulatory Effectiveness and Multinational Legal Services, PLLC on behalf of the Cybersecurity Consortium are attached here. Below is the Executive Summary.
Federal Determination of Industry Best Practices
The Center for Regulatory Effectiveness’ (CRE’s) comments on the Cybersecurity Framework focus on a single crucial issue:
- Establishing a process for federal determination of what constitutes an Industry Best Practice.
Two components which need to be included in the Framework’s process for determining Industry Best Practices are: