NIST Framework Utilization Survey

OMB Control Number: 1670-0027

OMB Expiration Date: 01/31/2021

CISA NIST Framework Utilization Survey

We would like to hear from each of you about your use of the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The results of this survey will be used to improve our products and services. Your participation in this brief survey should take less than 2 minutes to complete.

Note: All responses are non-attributional and anonymous. Please do not enter any personally identifiable information (PII) about yourself or any other individuals in the text boxes provided.

Paperwork Reduction Act Burden Statement

The public reporting burden to complete this information collection is estimated at 2 minutes per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and the completing and reviewing the collected information. This collection of information is voluntary. An agency may not conduct or sponsor, and a person is not required to respond to a collection of information unless it displays a currently valid OMB control number and expiration date. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden to the DHS/CISA Mail Stop 0608, 245 Murray Lane SW, Arlington, VA 20598. ATTN: PRA [OMB Control Number 1670-0027].

What critical infrastructure sector are you in?

• <enter the CI sector’s name>

• <enter the CI sector’s name>

• <enter the CI sector’s name>

• <enter the CI sector’s name>

• <enter the CI sector’s name>

• <enter the CI sector’s name>

• <enter the CI sector’s name>

• <enter the CI sector’s name>

• <enter the CI sector’s name>

• Not applicable

What type of organization do you belong to?

• Federal Government

• State, Local, Tribal, Territorial Government

• Non-profit

• Academia

• Industry or private sector organization

• Other __________

What is the size of your organization?

• Up to 20 employees

• 20 to 100 employees

• 100 to 500 employees

• 500 to 5,000 employees

• 5,000+ employees

How is your organization is using the <enter NIST Cybersecurity Framework or NIST Critical Infrastructure Framework>?

• To inform our approach to <enter infrastructure or cyber security>.

• To serve as a basis for an assessment of our <enter infrastructure or cyber security> efforts.

• To serve as the foundational methodology for our technical approach to <enter infrastructure or cyber security>.

• To serve as a foundational methodology for a company-wide, leadership-driven <enter infrastructure or cyber> risk management effort.

• Our organization is not using the Framework.

• Other: Please explain ______________

If you have not used the <enter NIST Cybersecurity Framework or NIST Critical Infrastructure Framework>, why not?

• Planning to use in the future

• Using another standard

• Lack of resources to implement

• Not applicable in my organization

• Did not know existed

• Other: Please explain ______________