WASHINGTON (8/28/13)--The Financial Services Sector Coordinating Council for Critical Infrastructure (FSSCC) participated in a meeting at the U.S. Department of Commerce Tuesday to discuss the National Institute of Standards and Technology (NIST) critical infrastructure cybersecurity framework to implement parts of the president's Executive Order on cybersecurity. The Credit Union National Association is part of the FSSCC.
At the meeting, NIST Director Patrick Gallagher and other senior staff discussed upcoming cybersecurity developments. CUNA and other representatives discussed the need for additional regulatory coordination with the federal financial regulators, including the National Credit Union Administration, and other agencies to ensure that the NIST framework is consistent with existing rules and regulations.
On July 1, NIST released a discussion draft outline on a "Framework to Reduce Cyber Risks to Critical Infrastructure" (see resource link).
"We are encouraged the draft framework is being developed through a private-public partnership and is designed to be an 'adaptable, flexible, and scalable tool for voluntary use' to 'complement rather than to conflict with current regulatory authorities,'" said Dennis Tsang, CUNA regulatory counsel, who attended the meeting.
NIST plans to issue a proposed cyber framework this October for notice and comment, and to finalize the framework by February 2014.
CUNA submitted a comment letter NIST in April, emphasizing that credit unions and financial institutions are already subject to robust data security requirements and standards, and should not be subject to additional regulations. However, CUNA stressed that additional coordination on cybersecurity would be helpful. Use the second resource link to read the CUNA comment letter.