Communications Litigation Today was a Warren News publication.

ITI says it's seeing industry acceptance of NIST's Cybersecurity Framework

The Information Technology Industry Council (ITI) is “seeing the right trends illustrating that the marketplace is accepting” Version 1.0 of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, said Danielle Kriz, director-global cybersecurity policy, in a blog post (http://bit.ly/1rpPQmz). ITI was one of several information and communications technology (ICT) sector participants that submitted comments to NIST on industry use of the framework, which the agency released in February (see 1410140173). Companies in the ICT sector “are having new conversations about cybersecurity risk management” and the market is responding with new products and services to manage cyber risks outside the sector, Kriz said. ITI said it is urging NIST to “pivot away from developing a framework or standard and focus its work on” on its Privacy Engineering Objectives and Risk Model, which is meant to address gaps in privacy-related technical best practices. “Such a resource would be useful to organizations seeking to improve how they build privacy into their information management structures,” Kriz said. ITI suggested NIST seek out additional comment on the Cybersecurity Framework in a year’s time.