14 March 2022

NIST Seeks Comments On Cybersecurity Framework Refresh

Sheppard, Mullin, Richter & Hampton LLP


The National Institute of Standards and Technology (NIST) is seeking comments to improve its Cybersecurity Framework, "Framework for Improving Critical Infrastructure Cybersecurity" (Request for Information available here). The Cybersecurity Framework is a key document providing organizations with standards, guidelines, and best practices to manage cybersecurity risk. With many changes to the cybersecurity landscape since the last update to the Cyber Framework in 2018, NIST hopes to address new threats, capabilities, technologies, and resources. Comments are due by April 25, 2022.

In particular, NIST is seeking guidance on whether it should integrate supply chain-related cybersecurity guidance into the Cyber Framework or create a new cyber-related supply chain framework. In addition, NIST seeks public feedback on the following key categories:

  • Functionality of the Current Cyber Framework: How are organizations using the Framework? What areas need improvement? Should NIST consider structural changes to the Framework? What challenges have organizations had in adopting or using the Framework? What are features of the Framework that can be added, modified, or removed?
  • Alignment with other Resources: What other NIST and non-NIST resources should the Cyber Framework align with to make the tools more compatible and effective? Examples include: the Privacy Framework, Secure Software Development Framework, Risk Management Framework, Workforce Framework for Cybersecurity, and the Internet of Things Baseline.
  • Integrating the Cyber Supply Chain: How should the Cyber Framework address supply chain related cybersecurity needs and risks? What practices are organizations using to manage these risks? How should NIST's cyber supply-chain public private partnership, NIICS, be aligned and integrated with the Cyber Framework? Should NIST develop a dedicated framework addressing cybersecurity supply chain risk management?

The comment period closes on April 25, 2022, and information on submitting comments can be found here.

Putting it into Practice: The NIST Cyber Framework is an important cyber threat management tool for companies looking to develop and secure their data security programs. This comment period is a key opportunity for organizations to improve the Framework and provide important feedback to ensure the Framework reflects actual experience and practice.
