The DoD Recommends That NIST Align Frameworks for Cybersecurity Risk Management

The National Institute of Standards and Technology (NIST) has been at the forefront of cybersecurity in the United States for several years. It has had success in improving cybersecurity practices so that the supply chain is protected from top to bottom.

 

However, it is time for NIST to point to how organizations within the supply chain should assess the risk associated with their systems when deciding which security controls to implement.

 

Comments from the DoD’s Chief Information Officer for Cybersecurity

In a statement, Michele Iversen, the DoD’s chief information officer for cybersecurity, said, “Enhance Section 4.0 (Self-Assessing Cybersecurity Risk with the Framework) to integrate guidance on how [Special Publication 800-30, revision 1] can be leveraged to perform the risk measurement to assign a value. It appears that [the Cybersecurity Framework] depends on measuring, or assessing risk, but [avoids] alignment to the NIST standard commonly used to assess cybersecurity risks.”

 

The comments were in response to a request for more information that NIST issued as it works toward the second update of its cybersecurity framework.

 

The Problem with the Current State of NIST’s Cybersecurity Framework

NIST’s cybersecurity framework has very few issues. It was implemented in 2014 and has successfully protected the organizations that use it. However, the framework leaves it up to the user to decide which protocols and systems to prioritize. Business owners are not cybersecurity experts, so it is unreasonable to ask them to make these decisions.

 

There is now a common belief within the cybersecurity community that NIST needs to update its framework to better outline how to implement it and what to prioritize.

Getting Help from GSec LLC

Resources with information on the NIST cybersecurity framework are not as accessible as other information. As a result, it can be challenging for the layman to sift through all the information. If you have any questions, do not hesitate to contact us!

 

By: Alex O’Reilly

 

Sources: https://www.nextgov.com/cybersecurity/2022/06/dod-recommends-nist-align-frameworks-cybersecurity-risk-management/367815/

https://www.nist.gov/system/files/documents/2022/05/26/05-24-2022%20-%20US_Department_of_Defense.pdf

https://www.nist.gov/system/files/documents/2022/06/03/NIST-Cybersecurity-RFI-Summary-Analysis-Final.pdf

Amanda Adams