NIST Analysis Finds Agreement on Push for More Cybersecurity Framework Use Guidance, Divide on Update Need
A National Institute of Standards and Technology analysis of comments on the Cybersecurity Framework indicates stakeholders affirm the framework’s current uses but also indicates that NIST should provide more guidance on framework use, NIST said Thursday in a blog post.…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Stakeholders disagreed on when NIST should form a multistakeholder process to update the Cybersecurity Framework, though they agreed on the need for a collaborative update process that would be similar to NIST’s original 2013-2014 development process, NIST said in its analysis. Major industry interests had told NIST not to pursue a major framework revamp in the near future (see 1602240065). Parties said they’re comfortable with NIST’s current leadership of framework guidance but continue to believe that a neutral third-party organization should eventually take the reins of framework stewardship, NIST said. “These comments provide strong input for the framework’s future and revealed that the number of organizations using the framework is growing,” Matthew Barrett, NIST program director-Cybersecurity Framework, said in a statement.