NIST is seeking information to assist in evaluating and improving its cybersecurity resources—including the widely used NIST Cybersecurity Framework (CSF) and a variety of existing and potential standards, guidelines, and other information. That includes guidance relating to improving cybersecurity in supply chains. Your comments and feedback can make a big difference! There are two areas NIST would like your feedback on:
NIST is seeking information about the use, adequacy, and timeliness of the CSF – and the degree to which other NIST resources (e.g., the Privacy Framework, Risk Management Framework, Secure Software Development Framework, and NICE Workforce Framework) are used in conjunction with, or instead of, the CSF. NIST also wants to better understand opportunities for greater alignment and harmonization of the CSF with other resources. This will help NIST provide even more effective support to organizations as they manage different types of cybersecurity risks.
NIST also seeks information about challenges that may prevent organizations from using the CSF or using it more easily or extensively (e.g., resource considerations, organizational factors, workforce gaps, or complexity). Ultimately, NIST wants to better understand how the CSF is being used today—along with recognizing what’s working and what could work better.
NIST is also seeking information on the challenges organizations are facing from a technology supply chain perspective to inform a public-private partnership, the National Initiative for Improving Cybersecurity in Supply Chains (NIICS). NIST requests information about needed tools and guidance and how NIICS might be aligned and integrated with the CSF. This information will help NIST to identify and prioritize supply chain-related cybersecurity needs across sectors.
Visit our website to view the RFI and for details on how to submit your comments by 04/25/2022.
Please also join us on February 24, 2022 at 3:00 PM ET for an NCCoE Learning Series Fireside Chat, "A Look at the Cybersecurity Framework: Where We’ve Been, Where We Are, and Where We’re Going," to hear more about this RFI, the evolution of the Framework, and NIST’s future plans.
Questions about this RFI? Contact: CSF-SCRM-RFI@nist.gov.