NIST releases draft 800-18r2 for system security, privacy, supply chain planning; calls for public comment


The U.S. NIST released this week a draft of Special Publication 800-18r2, which focuses on developing system plans that address system-level security, privacy, and cybersecurity supply chain risk management (CSCRM) requirements that may derive from enterprise, organization, and mission/business process requirements. The agency is seeking feedback on the draft's technical accuracy, clarity, usability, and the impact of changes made to the content.

NIST is particularly interested in feedback on how the guidelines align with current organizational practices for documenting or reporting security, privacy, and cybersecurity supply chain risk management at the system level. It is also seeking input on how the guidelines and supplemental materials might influence future practices and processes. Comments are welcome on whether additional system plan elements could improve the usability of the information captured.

NIST is also looking for perspectives on further considerations for automating the capture of system information using enterprise security tools to enhance risk management and support more informed decision-making. The public comment period is…
