Cybersecurity

NIST Seeks Public Input on Cybersecurity Framework Updates and Supply Chain Security

Janet R. Logue February 18, 2022
An employee points to motherboards at the Intel booth at the 2009 CeBIT technology show. The National Institute of Standards and Technology is preparing a supply chain-focused update to its cybersecurity framework. (Photo by Sean Gallup/Getty Images)

The National Institute for Standards and Technology (NIST) is asking for the public’s help in updating one of its flagship cybersecurity guidelines and informing a new initiative on supply chain security.

In a request for information released on Friday, the agency said it was seeking to update its cybersecurity framework to account for new digital security risks, technologies and resources. At the same time, it is launching a new project, the National Initiative to Improve Cybersecurity in Supply Chains, which is dedicated to “identifying tools and guidance for developers and technology providers, as well as only performance-oriented guidance for those acquiring such technology”. Both projects are expected to involve a similar supply chain research focus.

“The Cybersecurity Framework was last updated in April 2018. Much has changed in the cybersecurity landscape in terms of threats, capabilities, technologies, education and workforce , and the availability of resources to help organizations better manage cybersecurity risks,” the agency wrote. “This includes increased awareness and emphasis on cybersecurity risks in supply chains, including a decision to launch NIICS.”

Among the questions that NIST seeks to answer is whether the current framework enables simple and effective risk communication between organizations and their supply chain partners, customers, and insurers; if restrictions on resources, information sharing or manpower make it impossible to adopt or implement the guidance of the framework; and ways to better align the updated framework with complementary resources such as the Risk Management Framework, Secure Software Development Framework, Industrial Control System Cybersecurity Guide, and others.

As part of the National Initiative to Improve Cybersecurity in Supply Chains, the agency wants to know the most acute security challenges that organizations face in their supply chains and how to build on them. on related initiatives such as its software security initiatives that emerged as a result of President Joe Biden’s decision. executive decree on cybersecurity last year. NIST is also interested in any narrowly applied program on software or hardware assurance that may have broader application for securing the digital integrity of the global supply chain.

The agency will accept written or emailed comments from the public for the next 60 days.

Related posts:

  1. Google to train 100,000 Americans, invest $ 10 billion to strengthen cybersecurity in the United States, Telecom News, ET Telecom
  2. Computer hardware launch for Cyber ​​Security Awareness Month
  3. House passes law to strengthen federal cybersecurity workforce
  4. Microsoft renews agreement with schools and focuses on strengthening cybersecurity
Related Topics
Previous

UK cybersecurity revenue hits £10.1bn • The Register

Next

Cyber ​​Expo & Conference Ireland: demystifying cybersecurity and mitigating business risk

Related Posts

Cybersecurity

Escal Institute of Advanced Technologies wins $9.8 million contract to provide cybersecurity training and certifications

November 21, 2022
Cybersecurity

Cybersecurity becomes a boutique industrial cluster in Spokane

November 18, 2022
Cybersecurity

Russia’s War on Ukraine: 3 Cybersecurity Takeaways for Businesses

November 13, 2022

Check Also
Cybersecurity

Escal Institute of Advanced Technologies wins $9.8 million contract to provide cybersecurity training and certifications

November 21, 2022