NIST Seeks Cybersecurity Framework Feedback

The National Institute of Standards and Technology (NIST) is seeking feedback on how it can enhance its Framework for Improving Critical Infrastructure Cybersecurity.

NIST released the framework in 2014 to provide guidance to organizations in the public and private sectors on implementing cybersecurity standards and best practices. The framework was developed to help those organizations to improve their cybersecurity posture so they could identify and respond to cyber-attacks faster and defend themselves better against cyber-threats.

In a request for information (RFI) published on February 22, NIST said: "The National Institute of Standards and Technology (NIST) is seeking information to assist in evaluating and improving its cybersecurity resources, including the Framework for Improving Critical Infrastructure Cybersecurity and a variety of existing and potential standards, guidelines, and other information, including those relating to improving cybersecurity in supply chains." 

The framework consists of standards, methodologies, procedures and processes that align policy, business and technological approaches to reduce cybersecurity risks. It is used by private and public sector organizations in and outside of the United States and translated into multiple languages, including French.

NIST said that since the last update to the framework was made in April 2018, "much has changed in the cybersecurity landscape in terms of threats, capabilities, technologies, education and workforce, and the availability of resources to help organizations to better manage cybersecurity risk."

In addition, NIST recently announced it would launch the National Initiative for Improving Cybersecurity in Supply Chains (NIICS) to address cybersecurity risks in supply chains. The focus of this public-private partnership will be on identifying tools and guidance for technology developers and providers and performance-oriented advice for those acquiring this kind of technology. 

"To inform the direction of the NIICS, including how it might be aligned and integrated with the Cybersecurity Framework, NIST is requesting information that will support the identification and prioritization of supply chain-related cybersecurity needs across sectors," said the institute. 

Responses to this RFI must be received by April 25 2022 to be considered. NIST said the comments it receives "will inform a possible revision of the Cybersecurity Framework as well as the NIICS initiative."

What’s Hot on Infosecurity Magazine?