The National Institute of Standards and Technology (NIST) is planning to update its 2014 framework for private and public sector organizations to bolster their cybersecurity posture, and is asking the public for input to improve the effectiveness of the Cybersecurity Framework (CSF).
As part of the update, NIST is also seeking public feedback on cybersecurity guidance related to supply chain risks.
The CSF was created through a public and private effort overseen by NIST and includes guidelines and best practices for private sector entities to use on a voluntary basis to improve their defenses and resilience to cybersecurity attacks.
“Every organization needs to manage cybersecurity risk as a part of doing business, whether it is in industry, government or academia,” Don Graves, deputy secretary of the Commerce Department, said in a statement. “It is critical to their resilience and to our nation’s economic security. There are many tools available to help, and the CSF is one of the leading frameworks for private sector cybersecurity maintenance. We want private and public sector organizations to help make it even more useful and widely used, including by small companies.”
The CSF was last updated in 2018.
NIST is seeking public comments in three main categories, including how the framework is currently being used and ideas for changing it, ways to improve cybersecurity in supply chains, and ways to better align the CSF with other agency guidance such as a privacy framework, a risk management framework, and a series on cybersecurity for the internet of things.
“There is no single issue driving this change,” Kevin Stine, NIST chief cyber security adviser, said in a statement. “This is a planned update to keep the CSF current and ensure that it is aligned with other tools that are commonly used.”
Potential revisions to the CSF are planned for this year. Comments to the Request for Information are due by April 25.