Joe Weiss has a thought provoking blog post on Unfettered:
http://www.controlglobal.com/blogs/unfettered/the-nist-framework-and-what-still-needs-to-be-done/
The issue he raises about benchmarks is a very important one. Without benchmarks, it will be very hard to grade performance against the NIST Framework for Cyber Security. Following the logic a little further, an inability to grade performance will send us back to legal compliance instead of practical methodology for cyber security improvement– which is the whole point, or should be.
Technical Services And Strategic Consulting For Technology Companies
