The National Institute of Standards and Technology (NIST) is seeking comments to improve its Cybersecurity Framework, “Framework for Improving Critical Infrastructure Cybersecurity” (Request for Information available here). The Cybersecurity Framework is a key document providing organizations with standards, guidelines, and best practices to manage cybersecurity risk. With many changes to the cybersecurity landscape since the last update to the Cyber Framework in 2018, NIST hopes to address new threats, capabilities, technologies, and resources. Comments are due by April 25, 2022.
In particular, NIST is seeking guidance on whether it should integrate supply chain-related cybersecurity guidance into the Cyber Framework or create a new cyber-related supply chain framework. In addition, NIST seeks public feedback on the following key categories:
- Functionality of the Current Cyber Framework: How are organizations using the Framework? What areas need improvement? Should NIST consider structural changes to the Framework? What challenges have organizations had in adopting or using the Framework? What are features of the Framework that can be added, modified, or…
