The National Institute of Standards and Technology (NIST) is seeking information on evaluating and improving its cybersecurity resources, including a possible update to its Cybersecurity Framework first issued in 2014 and later updated in 2018.
A further update to the framework, NIST said, would focus on “the changing landscape of cybersecurity risks, technologies, and resources.”
In a notice posted to the Federal Register, NIST also talked about its recent moves to launch the National Initiative for Improving Cybersecurity in Supply Chains (NIICS) to address supply chain security.
Responses to the RFI could information possible revisions to the Cybersecurity Framework and NIICS, the agency said.
“This wide-ranging public-private partnership will focus on identifying tools and guidance for technology developers and providers, as well as performance-oriented guidance for those acquiring such technology,” NIST said of the supply chain security effort. “To inform the direction of the NIICS, including how it might be aligned and integrated with the Cybersecurity Framework, NIST is requesting information that will support the identification and prioritization of supply chain-related cybersecurity needs across sectors.”
NIICS will aim to emphasize tools, technologies, and guidance focused on technology developers and providers. The private-public partnership will help organizations in evaluating and assessing cybersecurity of products and services in supply chains.
NIST also listed a range of possible topics that may be addressed in any comments, including the usefulness of the NIST Cybersecurity Framework for aiding organizations in organizing cyber efforts, and the challenges that may be preventing organizations from using the NIST Cybersecurity Framework.
Comments are due to NIST in 60 days.