Joe Weiss has a thought-provoking blog post on Unfettered:
http://www.controlglobal.com/blogs/unfettered/the-nist-framework-and-what-still-needs-to-be-done/
The issue he raises about benchmarks is a very important one. Without benchmarks, it will be very hard to grade performance against the NIST Framework for Cyber Security. Following the logic a little further, an inability to grade performance will send us back to legal compliance instead of a practical methodology for cyber security improvement, which is the whole point, or should be.