Initial Summary Analysis of Responses to the Request for Information (RFI) Evaluating and Improving Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management [open pdf - 662KB]
From the Introduction: "On February 22, 2022, NIST issued a public Request for Information (RFI), 'Evaluating and Improving NIST [National Institute of Standards and Technology] Cybersecurity Resources: The Cybersecurity Framework [CSF] and Cybersecurity Supply Chain Risk Management.' [hyperlink] The RFI sought information on the use of the NIST Cybersecurity Framework as well as recommendations to improve the effectiveness of the Framework and its alignment with other cybersecurity resources. The RFI also sought suggestions to inform other cybersecurity efforts at NIST, especially related to supply chain cybersecurity risks. When the RFI was issued, Commerce Deputy Secretary Don Graves stated [hyperlink]: 'Every organization needs to manage cybersecurity risk as a part of doing business, whether it is in industry, government or academia...It is critical to their resilience and to our nation's economic security. There are many tools available to help, and the CSF is one of the leading frameworks for private sector cybersecurity maintenance. We want private and public sector organizations to help make it even more useful and widely used, including by small companies.' This document represents an initial, high-level summary of the RFI responses. NIST received more than 130 RFI responses, including many comments submitted jointly by multiple organizations or associations representing numerous organizations. The responses can be found on the NIST CSF website. [hyperlink]"
National Institute of Standards and Technology (NIST): https://www.nist.gov/