On May 16, the National Institute of Standards and Technology (NIST) released an initial analysis of the hundreds of comments it received in response to its request for information to begin developing the “Cybersecurity Framework” required by President Obama’s executive order. The analysis sifts from the comments characteristics and considerations the Framework must encompass and practices identified as having wide utility and adoption, and identifies initial gaps in the responses that must be addressed in order to meet the goals of the executive order. The paper also includes a series of questions that will serve as the basis for additional discussion and study at an upcoming workshop to be hosted at Carnegie Mellon University in Pittsburgh, Pennsylvania on May 29-31, 2013.