The National Institute of Standards and Technology (NIST) is seeking information to assist in evaluating and improving its cybersecurity resources — including the widely-used NIST Cybersecurity Framework (CSF) and a variety of existing and potential standards, guidelines, and other information. That includes guidance relating to improving cybersecurity in supply chains.
Evaluating and Improving the NIST Cybersecurity Framework (CSF)
NIST is seeking information about the use, adequacy, and timeliness of the CSF – and the degree to which other NIST resources (e.g., the Privacy Framework, Risk Management Framework, Secure Software Development Framework, and NICE Workforce Framework) are used in conjunction with, or instead of, the CSF. NIST also wants to better understand opportunities for greater alignment and harmonization of the CSF with other resources. This will help NIST provide even more effective support to organizations as they manage different types of cybersecurity risks.
NIST also seeks information about challenges that may prevent organizations from using the CSF or using it more easily or extensively (e.g., resource considerations, organizational factors, workforce gaps, or complexity). Ultimately, NIST wants to better understand how the CSF is being used today—along with recognizing what’s working and what could work better.
Evaluating and Improving Cybersecurity Supply Chain Risk Management
NIST is also seeking information on the challenges organizations are facing from a technology supply chain perspective to inform a public-private partnership, the National Initiative for Improving Cybersecurity in Supply Chains (NIICS). NIST requests information about needed tools and guidance and how NIICS might be aligned and integrated with the CSF. This information will help NIST to identify and prioritize supply chain-related cybersecurity needs across sectors.
NIST is also hosting an upcoming NCCoE Learning Series Fireside Chat, “A Look at the Cybersecurity Framework: Where We’ve Been, Where We Are, and Where We’re Going,” which will offer more information about this RFI, the evolution of the Framework, and NIST’s future plans.