NIST draft framework expected in a day or two

The 16-day government shutdown delayed a key deadline for the cybersecurity framework under development by the National Institute of Standards and Technology, but a draft version is expected "in the next day or two," according to a NIST official.

A preliminary draft of the cybersecurity framework was due Oct. 10. But with most of NIST furloughed by the shutdown, officials working on the framework missed that deadline.

The pending release of the draft framework should allow for plenty of time for review ahead of NIST's next cybersecurity workshop, to be held Nov. 14-15 in Raleigh, N.C. Over the course of the year, NIST has convened a series of four workshops across the country to meet with leaders from industry, academia and public-sector groups to seek their input in assembling the guidance.

The recently added fifth workshop likely will help shape the "final" version of the framework set to emerge one year after President Barack Obama directed NIST to establish the guidelines.

The shutdown is not expected to delay the February 2014 deadline. In any case, officials have maintained that the framework's development will remain an ongoing process, even after the February release.

"After October, we're going to continue to kick this higher," Adam Sedgewick, NIST's senior IT policy adviser, said in July. "We're coming to the stage where we're looking at implementation and we get to see what it looks like when it's put into practice. We don't see February as the end. We see February as another step in the process, and we will continue to work with other agencies on other pieces of the executive order."