NIST Seeks Input to Update Cybersecurity Framework, Supply Chain Guidance
2022-02-22 09:30 (EST) -
Regarding other NIST resources, NIST wants to explore better ways to align the CSF with other NIST guidance, such as the Privacy Framework , Secure Software Development Framework , Risk Management Framework , Workforce Framework for Cybersecurity (also called the NICE Framework), and its series on IoT cybersecurity . NIST also is asking for information about the CSF’s alignment with non-NIST resources. In all cases, NIST wants to know whether these tools are complementary and what would help them work together more effectively.
Regarding supply chains, NIST recently launched a public-private partnership, called the National Initiative for Improving Cybersecurity in Supply Chains (NIICS), to address supply chain cybersecurity risks. NIST is requesting information that will help identify supply-chain-related cybersecurity needs and harmonize the NIICS initiative with the CSF. For example, what are the standards and guidelines that organizations are currently using to manage their cybersecurity supply chain risks? Does NIST need to create a dedicated framework addressing cybersecurity supply chain risk management, or can this be addressed through greater treatment of supply chain risk in the CSF?
Comments are due by April 25, 2022. Visit the CSF website to view the RFI and for details on how to submit your comments. Responses to this RFI will inform possible revisions of the CSF as well as the NIICS initiative. Send general questions about this RFI to CSF-SCRM-RFI [at] nist.gov .
