NIST considers updating its cybersecurity framework and NIICS initiative, calls for information

The Federal Register published on Tuesday a request for information (RFI) from the U.S. Department of Commerce seeking information to assist in evaluating and improving its cybersecurity resources. The move comes as the agency is working towards modernizing the department’s National Institute of Standards and Technology (NIST) cybersecurity framework and various other existing and potential standards, guidelines, and other information, including those relating to improving cybersecurity in supply chains.

According to the Federal Register notice, the NIST is updating its cybersecurity framework to account for the changing landscape of cybersecurity risks, technologies, and resources. “Responses to the RFI will inform a possible revision of the Cybersecurity Framework as well as the National Initiative for Improving Cybersecurity in Supply Chains (NIICS) initiative,” it added.

“Comments in response to this notice must be received by April 25, 2022. Submissions received after that date may not be considered,” the notice added.

Widely used by private and public sector organizations within and outside of the U.S., the NIST cybersecurity framework consists of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to reduce cybersecurity risks. 

The NIST cybersecurity framework was last updated in April 2018. The agency is seeking to work with interested stakeholders to build on its efforts to cultivate trust by advancing cybersecurity and privacy standards and guidelines, technology, measurements, and practices. This led to the call for relevant information about the cybersecurity framework’s use, adequacy, and timeliness, while also looking into the degree to which other NIST resources are used in conjunction with or instead of the framework.

The NIICS initiative is a public-private partnership that works towards building, evaluating, and assessing the cybersecurity of products and services in their supply chains. It primarily focuses on identifying tools and guidance for technology developers and providers and performance-oriented guidance for those acquiring such technology. Following the NIST’s established practices with existing cybersecurity and privacy frameworks, the process used to develop the framework will be transparent and open to participation by private industry.

“Further, to inform the direction of the NIICS, including how it might be aligned and integrated with the Cybersecurity Framework, NIST is requesting information that will support the identification and prioritization of supply chain-related cybersecurity needs across sectors,” NIST said in the RFI. The agency is also looking at including increased awareness of and emphasis on cybersecurity risks in supply chains, including a decision to launch the NIICS initiative. 

In November, the NIST released the second public draft of its Cybersecurity Supply Chain Risk Management (C-SCRM) Practices for Systems and Organizations for public comment. The document lays down guidelines for enterprises on identifying, assessing, selecting, and implementing risk management processes and mitigating controls across the enterprise to help manage cybersecurity risk in the supply chain.
