Saturday, February 19, 2022

Review - NIST RFI to Support CSF – Supply Chain Security Integration

This Monday DOC’s National Institute of Science and Technology (NIST) is publishing (available online today) in the Federal Register (87 FR 9579-9581) a request for information on “Evaluating and Improving NIST Cybersecurity Resources: The Cybersecurity Framework (CSF) and Cybersecurity Supply Chain Risk Management.” NIST is considering aligning the CSF and the National Initiative for Improving Cybersecurity in Supply Chains (NIICS). In this RFI, NIST is requesting information that will support the identification and prioritization of supply chain-related cybersecurity needs across sectors.

NIST is looking for comments in the following areas:

Use of the Cybersecurity Framework,

Relationship of the CSF to Other Risk Management Resources, and

Cybersecurity Supply Chain Risk Management

Comments Requested

NIST is soliciting comments on this RFI. Comments may be submitted via the Federal eRulemaking Portal (Docket # NIST-2022-0001). Comments should be submitted by April 25th, 2022.


The CSF is a corporate-level cyber risk management tool rather than a true cybersecurity tool. Its greatest strength has always been that NIST proactively works to keep it current and responsive to current needs. It has relied heavily on the input from the public and outside experts. This RFI continues that tradition.


For more details about this RFI, see my article at CFSN Detailed Analysis - subscription required.
