NIST Refreshing Voluntary Cybersecurity Framework Amid Push for Mandates

If you have the opportunity to comment, now is the time to do so. Over on this side of the pond, I often see CSF used as the set of controls that are managed under an ISO 27k ISMS, so this affects us as well:

[…] NIST is accepting comments on the framework through April 25, and, among other things, is seeking “suggestions for improving alignment or integration of the Cybersecurity Framework with other NIST risk management resources.” Those other resources include NIST frameworks on risk management, privacy, secure software development, the internet of things and the cybersecurity workforce.

NIST is also specifically asking for comment on whether it should be looking to create a whole other framework for supply chain management, or whether those practices should be incorporated into the CSF.

