This Monday DOC’s National Institute of Science and Technology (NIST) is publishing (available online today) in the Federal Register (87 FR 9579-9581) a request for information on “Evaluating and Improving NIST Cybersecurity Resources: The Cybersecurity Framework (CSF) and Cybersecurity Supply Chain Risk Management.” NIST is considering aligning the CSF and the National Initiative for Improving Cybersecurity in Supply Chains (NIICS). In this RFI, NIST is requesting information that will support the identification and prioritization of supply chain-related cybersecurity needs across sectors.
NIST is looking for comments in the following areas:
Use of the Cybersecurity Framework,
Relationship of the CSF to Other Risk Management Resources, and
Comments Requested
NIST is soliciting comments on this RFI. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # NIST-2022-0001). Comments should be submitted by April 25th, 2022.
Commentary
The CSF is a corporate-level cyber risk management tool rather than a true cybersecurity tool. Its greatest strength has always been that NIST proactively works to keep it current and responsive to current needs. It has relied heavily on the input from the public and outside experts. This RFI continues that tradition.
For more details about this RFI, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/nist-rfi-to-support-csf-supply-chain - subscription required.