NIST Asks for Responses on How to Enhance its Cybersecurity Framework

The National Institute of Standards and Technology (NIST) would like to get reviews on the helpfulness of its Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework) and recommendations on any changes that could be done.

The NIST Cybersecurity Framework was launched in 2014 to enable public and private field establishments to employ cybersecurity specifications and best practices to enhance their cybersecurity posture, better secure against cyber risks, and easily distinguish and act in response to cyberattacks in progress to control the problems that may result. The NIST Cybersecurity Framework is viewed as the gold standard for cyber threat administration; nevertheless, that doesn’t suggest developments cannot be made.

The most recent update to the Cybersecurity Framework took place in April 2018. In the last 4 years, there were significant modifications to the cybersecurity risk landscape. New threats have appeared, the tactics, techniques, and procedures (TTPs) utilized by cyber threat actors have evolved, there are new systems and security functions, and more resources are on the market to help with the control of cybersecurity threats. NIST isn’t thinking of changing its Framework once more to take these aspects into consideration.

The NIST Cybersecurity Framework was implemented by lots of healthcare institutions to boost cybersecurity, yet certain healthcare companies have experienced difficulties utilizing the Framework and at this time less than half of healthcare institutions are sticking to NIST standards. NIST would like to understand the problems organizations have encountered carrying out the Framework and the similarities and differences with other non-NIST frameworks and methods that are employed along with the NIST Cybersecurity Framework. There might be strategies for enhancing alignment or usage of those approaches with the NIST Cybersecurity Framework. NIST wishes to get ideas on improvements that could be made to the attributes of the Framework, characteristics that must be included or taken out, and any other means that NIST can develop the Framework to make it more valuable.

Besides the reviews on the Cybersecurity Framework, NIST has requested responses on probable enhancements to other NIST guidance and standards, which include its guidance on bettering supply chain cybersecurity. NIST a short while ago reported that it would kick off the National Initiative for Improving Cybersecurity in Supply Chains (NIICS) to handle cybersecurity dangers in supply chains. NIST has asked for feedback on challenges linked to the cybersecurity facets of supply chain risk management that may be tackled by the NIICS, and whether there are at the moment gaps in current cybersecurity supply chain risk management guidance and sources, such as the usage of those resources to data and communications systems, operational technology, IoT, and industrial IoT.

NIST is asking that all comments be sent in by April 25, 2022.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at