NIST Releases Request for Information to Improve Cybersecurity Framework and Supply Chain Risk Management
Okta Notifies Customers of LAPSUS$ Attack
March 28, 2022Over 200 Malicious NPM Packages Caught Targeting Azure Developers
March 28, 2022
Summary:
The National Institute of Standards and Technology (NIST) recently released a Request for Information (RFI) that seeks to gather information to help evaluate and improve cybersecurity resources for the cybersecurity framework and cybersecurity supply chain risk management.
Additional Discussion:
The RFI that it is seeking feedback on the following objectives:
- Evaluate and improve the Cybersecurity Framework (CSF)
- Explore ways to better align the CSF with other NIST and cybersecurity and privacy risk management resources
- Identify and prioritize supply chain-related cybersecurity needs, including software
The CSF was last updated in 2018 and, according to NIST, much has changed in the cybersecurity landscape since then, so NIST is seeking to keep the framework current and align it with other resources. NIST also described its efforts to work with the private sector and governments to improve cybersecurity in supply chains. This effort is known as the National Initiative for Improving Cybersecurity in Supply Chains (NIICS) and NIST is looking forward to responses to the RFI to help move this initiative forward.
Responses to the RFI are due by April 25, 2022.
Link:
