NIST Seeks Input to Update Cybersecurity Framework & Supply Chain Risk Management Resources

National Institute of Standards and Technology (NIST) sent this bulletin at 03/24/2022 02:20 PM EDT
NIST

View As Web Page
Header

National Cybersecurity Center of Excellence 

NIST Seeks Input on Cybersecurity Framework and Supply Chain Guidance

NIST CSF Graphic

Photo Credit: N. Hanacek/NIST

To Our NCCoE Community,

Being NIST's applied cybersecurity center, the NCCoE and our collaborators work with the NIST Cybersecurity Framework every day to create practical, standards-based solutions that organizations of all types and sizes can use to protect their assets, people, and data.

NIST wants your input to improve the effectiveness of the Cybersecurity Framework and its alignment with other cybersecurity resources. We are also requesting suggestions to inform cybersecurity guidance related to supply chain risks.

Evaluating and Improving the NIST Cybersecurity Framework 
NIST is seeking information about the use, adequacy, and timeliness of the Cybersecurity Framework – and the degree to which other NIST resources are used in conjunction with, or instead of, the Cybersecurity Framework. NIST also wants to better understand opportunities for greater alignment and harmonization of the framework with other resources. This will help NIST provide even more effective support to organizations as they manage different types of cybersecurity risks.

NIST also seeks information about challenges that may prevent organizations from using the framework or using it more easily or extensively (e.g., resource considerations, organizational factors, workforce gaps, or complexity).

Ultimately, NIST wants to better understand how the framework is being used today—along with recognizing what’s working and what could work better.

Evaluating and Improving Cybersecurity Supply Chain Risk Management
NIST is also seeking information on the challenges organizations are facing from a technology supply chain perspective to inform a public-private partnership, the National Initiative for Improving Cybersecurity in Supply Chains (NIICS). NIST requests information about needed tools and guidance and how NIICS might be aligned and integrated with the CSF. This information will help NIST to identify and prioritize supply chain-related cybersecurity needs across sectors.

How to Comment
Visit the CSF website to view the Request for Information (RFI) and for details on how to submit your comments.

Submit a Question
Send general questions about this RFI to CSF-SCRM-RFI@nist.gov.

Read More

NIST Cybersecurity and Privacy Program
NIST Applied Cybersecurity Division (ACD)
National Cybersecurity Center of Excellence (NCCoE)
Questions/Comments about this notice: CSF-SCRM-RFI@nist.gov
NCCoE Website questions: nccoe@nist.gov