There’s been a flurry of activity around the NIST Cybersecurity Framework over the last year, driven by the NIST RFI and the responses, as well as the Workshop. These events highlighted many common themes, including the desire for more sharing about best practices, more gathering of resources, and ongoing consideration of industry feedback. As NIST maps out the roadmap for Framework evolution, it is more important than ever for the industry to speak up. Our friends at NIST have always been clear about their role – they are conveners and organizers of the process, but our industry needs to own this and to drive the evolution.
And as the best available open public discussion forum about the Framework, it is time for CForum to fulfill its potential. We need to grow this from a well-intentioned but low-traffic discussion site into “must-see IT” about the Cybersecurity Framework. The place where people and enterprises share stories, ideas, resources, feedback. Your comments from the Workshop notes and the RFIs were loud and clear – the need is there – but it’s up to folks like us to do something constructive to make it happen.
So here’s my part – I’ve agreed to be the volunteer Executive Director for CForum. I’d describe it as a combination of instigator, cat-herder, and maybe catalyst for conversation. I’ve spoken to many of you across the industry, and there’s a general feeling that the Framework has become the closest thing around to a universal discussion baseline, but we need a way to focus, share, and drive this conversation. And through my “day job” with the Center for Internet Security, I’ll share the work that we have done to align with the Framework.
Your part? Speak up, share your stories, ideas, even your frustrations with the Framework. As a friend once told me, “you’re not writing the Federalist Papers” – write down what you think, let the ideas flow, and see what happens. And grab your industry friends and colleagues to bring them into the CForum discussion.
The cybersecurity problem is real, and it affects us all. After 40 years in this business, one thing I truly appreciate is the chance to work with so many talented people of good will. But that’s not enough - we also need to get organized, and get focused on action. Let’s start here!
Center for Internet Security