While many major industry groups and large companies are offering some level of support for the National Institute of Standards and Technology’s framework of cybersecurity standards, a few outliers believe NIST has missed the point entirely. With just over a month to go before NIST completes the framework, it’s unclear how the agency will address comments that call for a complete overhaul or significant expansion of its effort, although those comments will be examined.
Through the Voluntary Program, DHS is taking a look at what the government can do to encourage development of the cyber insurance market, which could address the points made in comments by attorney J. Wylie Donald of the law firm McCarter and English. “Donald writes that the preliminary framework fails to answer fundamental questions that NIST posed to reviewers “because it completely fails to address insurance.” Donald writes that the framework should “expressly include insurance as an activity addressed by some or all of the Core Functions.”