NIST Request for Information & Feedback

The National Institute of Standards and Technology (NIST) has updated its framework and is looking for feedback from the private sector. NIST can revise the framework as it sees fit, but the framework will only be optimized when real businesses in the supply chain offer their feedback.

 

The Request for Information from NIST

The request for information notes that much has changed in the cybersecurity landscape over the past few years. Technology, workforce capabilities, education, and availability of resources have changed dramatically since CSF V1.1 launched almost four years ago. As a result, NIST recognizes the importance of feedback and has 14 questions for companies to answer.

 

Questions 1-6

The first six questions ask for feedback on the utility of the CSF. NIST wants to hear about the benefits and challenges of implementing the CSF and whether modifications could make the process easier.

 

Questions 7-10

The following four questions focus on the relationship of the CSF to other risk management resources. NIST wants to hear if the CSF neatly fits into the other cybersecurity resources that are out there. Are there ways to integrate the CSF with other NIST and non-NIST cybersecurity resources? Which steps could increase international use of the CSF?

 

Question 11

Question 11 focuses on NIICS and asks for information on risk management challenges from the current cybersecurity framework. NIST wants to know how NIICS can be leveraged to increase trust and assurances in products, devices, and services.

 

Questions 12-13

The next two questions seek input on the resources necessary for the cybersecurity framework to assess risks properly. NIST wants to know how resources are applied to information and communications technology. 

 

Question 14

The final question focuses on how C-SCRM considerations can be integrated into the updated CSF or whether another framework is required.

 

NIST Feedback Due Date

Feedback and answers to these questions are due by April 15th, 2022. After this date, there will be no more opportunities for comments.

By: Alex O’Reilly

Sources: https://www.jdsupra.com/legalnews/nist-moves-to-update-its-cybersecurity-7626791/

https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf