As we’ve previously noted, federal agencies have prioritized cybersecurity as a key issue, as reflected in FDA’s recent draft guidance on cybersecurity in medical devices. As part of a broader Executive Branch-wide effort, last week the National Institute of Standards and Technology (“NIST”) issued a “Discussion Draft of a Preliminary Cybersecurity Framework” pursuant to the President’s Executive Order 13,636 on Improving Critical Infrastructure Cybersecurity. The NIST is drafting the Framework in consultation with industry, other government agencies, and other experts. The Framework is intended to provide the roadmap for the voluntary adoption of cybersecurity practices by owners and operators of critical infrastructure and in particular to guide businesses through a risk-based assessment and improvement of their cybersecurity posture. The formal “draft” of the Framework is due out in October, and the final Framework is required to be adopted by February 2014, one year after the issuance of the Executive Order. For additional details on the discussion draft, please see this client alert.