Cyber Security

NIST Refreshing Voluntary Cybersecurity Framework Amid Push for Mandates

The agency is soliciting comments to update a core document that lets entities pick and choose which technical standards they want to apply to their systems based on their own risk assessment.

The National Institute of Standards and Technology wants to know how it might improve its landmark framework of cybersecurity standards and practices and streamline similar efforts related to particular issues like privacy and supply-chain security.

“Every organization needs to manage cybersecurity risk as a part of doing business, whether it is in industry, government or academia,” said Commerce Deputy Secretary Don Graves in a news bulletin NIST published Tuesday. “It is critical to their resilience and to our nation’s economic security. There are many tools available to help, and the CSF is one of the leading frameworks for private sector cybersecurity maintenance. We want private and public sector organizations to help make it even more useful and widely used, including by small companies.” 

The NIST CSF emerged in 2014 under an executive order from President Barack Obama as a way to guide the private-sector entities that control the vast majority of our critical infrastructure, without forcing them to do anything. Cybersecurity was seen as its own incentive, motivating companies to adopt the framework to whatever degree they see fit.

“The resulting framework, created through public-private collaboration, provides a common language to address and manage cyber risk in a cost-effective way based on business needs, without placing additional regulatory requirements on businesses,” reads NIST’s original press release of the CSF.

Seven years later, another executive order—14208, which President Joe Biden issued in May following a string of massive hacks—suggests a need for potential changes to Federal Acquisition Regulations, especially given the trend of adversaries targeting victims’ underlying supply chains and getting an exponentially bigger bang for their buck. Where possible, at the Transportation and Security Administration, for example, the administration has also issued directives with specific cybersecurity practices companies must follow under threat of fines.

NIST is accepting comments on the framework through April 25 and, among other things, is seeking “suggestions for improving alignment or integration of the Cybersecurity Framework with other NIST risk management resources.” Those other resources include NIST frameworks on risk management, privacy, secure software development, the internet of things and the cybersecurity workforce.

NIST is also specifically asking for comment on whether it should be looking to create a whole other framework for supply chain management, or whether those practices should be incorporated into the CSF.

Source: https://www.nextgov.com/cybersecurity/2022/02/nist-refreshing-voluntary-cybersecurity-framework-amid-push-mandates/362278/
