The National Institute of Standards and Technology (NIST) recently released a Request for Information (RFI) that seeks to gather information to help evaluate and improve cybersecurity resources for the cybersecurity framework and cybersecurity supply chain risk management.

NIST indicated in its FAQs about the RFI that it is seeking feedback on the following objectives:

  • Evaluate and improve the Cybersecurity Framework (CSF)
  • Explore ways to better align the CSF with other NIST and cybersecurity and privacy risk management resources
  • Identify and prioritize supply chain-related cybersecurity needs, including software

The CSF was last updated in 2018 and, according to NIST, much has changed in the cybersecurity landscape since then, so NIST is seeking to keep the framework current and align it with other resources. NIST also described its efforts to work with the private sector and governments to improve cybersecurity in supply chains. This effort is known as the National Initiative for Improving Cybersecurity in Supply Chains (NIICS) and NIST is looking forward to responses to the RFI to help move this initiative forward.

Responses to the RFI are due by April 25, 2022, and can be submitted at www.regulations.gov by entering NIST-2022-0001 in the search field and clicking the “Comment Now!” icon, or via email to: CSF-SCRM-RFI@nist.gov.