Cybersecurity Framework, 9167-9168 [2014-03495]



[Federal Register Volume 79, Number 32 (Tuesday, February 18, 2014)]
[Notices]
[Pages 9167-9168]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-03495]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No.: 130909789-4078-02]


Cybersecurity Framework

AGENCY: National Institute of Standards and Technology (NIST), 
Department of Commerce.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: This notice announces the issuance of the Cybersecurity 
Framework (the ``Cybersecurity Framework'' or ``Framework''). The 
Framework was developed by NIST using information collected through the 
Request for Information (RFI) that was published in the Federal 
Register on February 26, 2013, a series of open public workshops, and a 
45-day public comment period announced in the Federal Register on 
October 29, 2013. The Framework was developed in response to NIST 
responsibilities directed in Executive Order 13636, ``Improving 
Critical Infrastructure Cybersecurity'' (``Executive Order''). Under 
the Executive Order, the Secretary of Commerce is tasked to direct the 
Director of NIST to lead the development of a framework to reduce cyber 
risks to critical infrastructure. The Framework consists of standards, 
methodologies, procedures and processes that align policy, business, 
and technological approaches to address cyber risks. The Framework is 
available electronically from the NIST Web site at: https://www.nist.gov/cyberframework.

DATES: The Cybersecurity Framework was published on February 12, 2014.

ADDRESSES: The Cybersecurity Framework is available electronically from 
the NIST Web site at: https://www.nist.gov/cyberframework.

FOR FURTHER INFORMATION CONTACT: Diane Honeycutt, telephone: 301-975-
8443, National Institute of Standards and Technology, 100 Bureau Drive, 
Stop 8930, Gaithersburg, MD 20899-8930 or via email: 
diane.honeycutt@nist.gov. Please direct media inquiries to NIST's 
Public Affairs Office at (301) 975-NIST.

SUPPLEMENTARY INFORMATION: The national and economic security of the 
United States depends on the reliable functioning of critical 
infrastructure,\1\ which has become increasingly dependent on 
information technology. Recent trends demonstrate the need for improved 
capabilities for defending against malicious cyber activity. Such 
activity is increasing, and its consequences can range from theft 
through disruption to destruction. Steps must be taken to enhance 
existing efforts to increase the protection and resilience of this 
infrastructure, while maintaining a cyber environment that encourages 
efficiency, innovation, and economic prosperity, while protecting 
privacy and civil liberties.
---------------------------------------------------------------------------

    \1\ For the purposes of this notice the term ``critical 
infrastructure'' has the meaning given the term in 42 U.S.C. 
5195c(e), ``systems and assets, whether physical or virtual, so 
vital to the United States that the incapacity or destruction of 
such systems and assets would have a debilitating impact on 
security, national economic security, national public health or 
safety, or any combination of those matters.''
---------------------------------------------------------------------------

    Under the Executive Order,\2\ the Secretary of Commerce is tasked 
to direct the Director of NIST to lead the development of a framework 
to reduce cyber risks to critical infrastructure (the ``Cybersecurity 
Framework'' or ``Framework''). The Cybersecurity Framework consists of 
standards, methodologies, procedures and processes that align policy, 
business, and technological approaches to address cyber risks. Given 
the diversity of sectors in critical infrastructure, the Framework 
development process was designed to initially identify cross-sector 
security standards and guidelines that are immediately applicable or 
likely to be applicable to critical infrastructure, to increase 
visibility and adoption of those standards and guidelines, and to find 
potential areas for improvement (i.e., where standards/guidelines are 
nonexistent or where existing standards/guidelines are inadequate) that 
need to be addressed through future collaboration with industry and 
industry-led standards bodies. The Cybersecurity Framework incorporates 
voluntary consensus standards and industry best practices to the 
fullest extent possible and is consistent with voluntary international 
consensus-based standards when such international standards advance the 
objectives of the Executive Order. The Cybersecurity Framework is 
designed for compatibility with existing regulatory authorities and 
regulations.
---------------------------------------------------------------------------

    \2\ Exec. Order No. 13636, Improving Critical Infrastructure 
Cybersecurity, 78 FR 11739 (February 19, 2013).
---------------------------------------------------------------------------

    The Cybersecurity Framework provides a prioritized, flexible, 
repeatable, performance-based, and cost-effective approach, including 
information security measures and controls to help owners and operators 
of critical infrastructure and other interested entities to identify, 
assess, and manage cybersecurity-related risk while protecting business 
confidentiality, individual privacy and civil liberties. To enable 
technical innovation and account for organizational differences, the 
Cybersecurity Framework does not prescribe particular technological 
solutions or specifications. It includes guidance for measuring the 
performance of an entity in implementing the Cybersecurity Framework 
and includes methodologies to identify and mitigate impacts of the 
Framework and associated information security measures and controls on 
business

[[Page 9168]]

confidentiality and to protect individual privacy and civil liberties.
    As a non-regulatory Federal agency, NIST developed the Framework in 
a manner that is consistent with its mission to promote U.S. innovation 
and industrial competitiveness through the development of standards and 
guidelines in consultation with stakeholders in both government and 
industry. The Framework provides owners and operators of critical 
infrastructure the ability to implement security practices in the most 
effective manner while allowing organizations to express requirements 
to multiple authorities and regulators. Issues relating to 
harmonization of existing relevant standards and integration with 
existing frameworks were also considered. While the focus is on the 
Nation's critical infrastructure, the Framework was developed in a 
manner to promote wide adoption of practices to increase cybersecurity 
across all sectors and industry types.
    The Framework was developed through an open public review and 
comment process that included information collected through a Request 
for Information (RFI), a series of public workshops, and a 45-day 
public comment period on the preliminary version of the Cybersecurity 
Framework (``preliminary Framework'').
    NIST published the RFI in the Federal Register (78 FR 13024) on 
February 26, 2013.\3\ Comments received in response to the RFI are 
available at https://csrc.nist.gov/cyberframework/rfi_comments.html.
---------------------------------------------------------------------------

    \3\ https://www.federalregister.gov/articles/2013/02/26/2013-04413/developing-a-framework-to-improve-critical-infrastructure-cybersecurity
---------------------------------------------------------------------------

    NIST held five open public workshops to provide the public with 
additional opportunities to provide input. The first workshop was 
conducted on April 3, 2013, at the Department of Commerce in 
Washington, DC. The second workshop was conducted on May 29-31, 2013, at 
Carnegie Mellon University in Pittsburgh, Pennsylvania. The third 
workshop was conducted on July 10-12, 2013, at the University of 
California, San Diego. The fourth workshop was conducted on September 
11-13, 2013, at the University of Texas at Dallas. The fifth workshop 
was conducted on November 14-15, 2013, at the North Carolina State 
University in Raleigh, North Carolina. Agenda, discussion materials, 
and presentation slides for each of these workshops are available at 
https://www.nist.gov/cyberframework/cybersecurity-framework-events.cfm.
    NIST issued the preliminary Framework and announced a 45-day public 
comment period in the Federal Register (78 FR 64478) on October 29, 
2013.\4\ Comments received in response to the public comment period on 
the preliminary Framework are available at https://csrc.nist.gov/cyberframework/preliminary_framework_comments.html.
---------------------------------------------------------------------------

    \4\ https://www.federalregister.gov/articles/2013/10/29/2013-25566/request-for-comments-on-the-preliminary-cybersecurity-framework
---------------------------------------------------------------------------

    Throughout the process, NIST issued public updates on the 
development of the Cybersecurity Framework.
    NIST issued the first update on June 18, 2013, and it is available 
at https://www.nist.gov/itl/upload/nist_cybersecurity_framework_update_061813.pdf. NIST issued the second update on July 24, 2013, and 
it is available at https://www.nist.gov/itl/upload/NIST-Cybersecurity-Framework-Update-072413.pdf.
    NIST issued the third update on December 4, 2013, and it is 
available at https://www.nist.gov/itl/upload/nist_cybersecurity_framework_update_120413.pdf.
    NIST issued the fourth update on January 15, 2014, and it is 
available at https://www.nist.gov/cyberframework/upload/NIST-Cybersecurity-Framework-Update-011514-2.pdf. The fourth update was 
issued after the conclusion of the public comment period for the 
preliminary Framework and highlights major themes reflected in the 
submissions, along with NIST's responses to these comments.
    The Framework incorporates existing consensus-based standards to 
the fullest extent possible, consistent with requirements of the 
National Technology Transfer and Advancement Act of 1995,\5\ and 
guidance provided by Office of Management and Budget Circular A-119, 
``Federal Participation in the Development and Use of Voluntary 
Consensus Standards and in Conformity Assessment Activities.'' \6\ 
Principles articulated in the Executive Office of the President 
memorandum M-12-08 ``Principles for Federal Engagement in Standards 
Activities to Address National Priorities'' \7\ are followed. The 
Framework is also consistent with, and supported by the broad policy 
goals of, the Administration's 2010 ``National Security Strategy,''\8\ 
2011 ``Cyberspace Policy Review,'' \9\ ``International Strategy for 
Cyberspace'' \10\ of May 2011 and HSPD-7 ``Critical Infrastructure 
Identification, Prioritization, and Protection.'' \11\
---------------------------------------------------------------------------

    \5\ Public Law 104-113 (1996), codified in relevant part at 15 
U.S.C. 272(b).
    \6\ https://www.whitehouse.gov/omb/circulars_a119
    \7\ https://www.whitehouse.gov/sites/default/files/omb/memoranda/2012/m-12-08.pdf
    \8\ https://www.whitehouse.gov/sites/default/files/rss_viewer/national_security_strategy.pdf
    \9\ https://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf
    \10\ https://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf
    \11\ https://www.whitehouse.gov/sites/default/files/omb/memoranda/fy04/m-04-15.pdf

    Dated: February 11, 2014.
Patrick Gallagher,
Under Secretary of Commerce for Standards and Technology.
[FR Doc. 2014-03495 Filed 2-14-14; 8:45 am]
BILLING CODE 3510-13-P