The National Institute for Standards and Technology (NIST) has issued a request for information on the coordination of a “critical infrastructure” cyber-security standards framework, as one of the initial steps of the White House Executive Order and Presidential Policy Directive on cyber-security. The framework will consist of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks for the U.S. Specifically, this request for information will help NIST identify, refine, and guide the many interrelated considerations, challenges, and efforts needed to develop the U.S. cyber-security framework. NIST will gather information from all diverse sectors of the U.S. economy, including the 16 “critical infrastructure” sectors, such as dams, healthcare, food, financial services, water, and IT.
Credit unions should continue to follow current data security and cyber-security rules, such as rules from the National Credit Union Administration and Federal Financial Institution Examination Council, and the Gramm–Leach–Bliley Act. CUNA continues to assess the impact of the “critical infrastructure” cyber-security framework, and work with the Financial Services Sector Coordinating Council and others to emphasize that the cyber-security framework should recognize existing, robust data security standards that are applicable to financial institutions, including credit unions, and that credit unions should not be unduly impacted from the cyber-security framework.
The Credit Union National Association (CUNA) is interested in your feedback if you have any concerns or comments with potential effects on credit unions. Please review the CUNA Comment Call on this information request and submit your comments to CUNA by March 25, 2013.