In the meantime, the National Institute of Standards and Technology, the division of the Commerce Department that issued the administration's cybersecurity framework, has put out a call for comments from businesses that have put the guidelines into place. Commerce describes the NIST framework released earlier this year as "version 1.0" in its request for information, and Welsh stresses that the administration is eager to receive and incorporate feedback from industry. NIST has scheduled a workshop Oct. 29-30 in Tampa to discuss the framework.
"We are still in the early stages of an ongoing process," Welsh says. "We will continue to need a sustained and fulsome dialogue between government and private sector to ensure the framework is a living document."
Sign up for CIO Asia eNewsletters.