Better metrics, implementation guidance, and alignment with other frameworks are high on the list of suggested improvements to the NIST CSF.
In late February, the National Institute of Standards and Technology (NIST) issued a request for information (RFI) to evaluate and enhance its Cybersecurity Framework, or CSF, first produced in 2014 and last updated in 2018. Many developments in the swiftly changing cybersecurity field prompted NIST to revisit its complex and well-received template designed to help organizations best manage cybersecurity risk.
In its RFI, NIST asked a series of questions about how to improve the use of the framework. Among those questions are whether the framework allows for better risk assessments and management of risks, what relevant metrics might be used to measure the framework’s impact, and what challenges organizations face in using the framework. NIST also asked how to better align or integrate the CSF with other NIST resources, such as the NIST Risk Management and Privacy Frameworks. Finally, NIST asked how it could help identify supply chain-related cybersecurity needs and harmonize the National Initiative for Improving Cybersecurity in Supply Chains (NIICS) with the CSF.
This article appeared in CSO Online.