april 8, 2013 - national institute of standards …（2013年4月8日,国家标准u2026）.pdf

April 8, 2013 Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive Stop 8930 Gaithersburg, MD 20899 RE: Developing a Framework to Improve Critical Infrastructure Cybersecurity Dear Ms. Honeycutt: The American Gas Association (AGA) is pleased to submit comments in response to the Request for Information issued by the U.S. Department of Commerce, National Institute of Standards and Technology (NIST), in the Federal Register (78 FR 13024, pages 13024 - 13028) on February 26, 2013, seeking input on Developing a Framework To Improve Critical Infrastructure Cybersecurity. AGA, founded in 1918, represents more than 200 local energy companies that deliver clean natural gas throughout the United States. There are more than 71 million residential, commercial and industrial natural gas customers in the U.S., of which 92 percent — more than 65 million customers — receive their gas from AGA members. AGA is an advocate for local natural gas utility companies and provides a broad range of programs and services for member natural gas pipelines, marketers, gatherers, international gas companies and industry associates. Today, natural gas meets almost one-fourth of the United States’ energy needs. For more information, please visit . AGA surveyed a number of its natural gas distribution and transmission utility companies, and their collective comments are incorporated below. Current Risk Management Practices NIST solicits information about how organizations assess risk; how cybersecurity factors into that risk assessment; the current usage of existing cybersecurity frameworks, standards, and guidelines; and their management practices related to cybersecurity. In addition, NIST is interested in understanding whether particular frameworks, standards, guidelines, and/ or best practices are mandated by legal or regulatory requirements and the challenges organizations perceive in meeting such requirements. This will assist in