NIST is updating its Cybersecurity Framework (CSF) to better address modern cybersecurity challenges and improve alignment with other cybersecurity resources. The update will be conducted in three phases:
1. Improving the CSF itself by examining its current use, identifying improvements, considering structural modifications, and assessing challenges to broader adoption.
2. Aligning the CSF with other NIST guidance like the Privacy Framework, Secure Software Development Framework, Risk Management Framework, Workforce Framework for Cybersecurity, and IoT cybersecurity series, as well as evaluating alignment with non-NIST resources.
3. Addressing supply chain cybersecurity by building on the National Initiative for Improving Cybersecurity in Supply Chains (NIICS) partnership and determining whether dedicated supply chain frameworks are needed or if guidance can be integrated into the current CSF structure.
Public feedback is requested by April 25, 2022, and can be submitted through the CSF website. Responses will help inform revisions to the CSF and the NIICS initiative. For general inquiries, contact CSF-SCRM-RFI@nist.gov.
Keywords: Cybersecurity Framework, Supply chain risks, Cybersecurity guidance
