Cloud Security Alliance urges NIST to address ‘cloud-specific’ issues in cyber framework update

NIST should include guidance specifically addressing cloud-related cyber challenges in its “CSF 2.0” update of the cybersecurity framework, the Cloud Security Alliance says in new comments to the agency.

“The proposed Functions, Categories, and Subcategories provide a comprehensive structure. However, we recommend further consideration of cloud-specific security challenges, such as data privacy, data residency, and supply chain risk management, to ensure broader applicability in cloud environments,” CSA says in comments submitted May 25.

“We encourage the inclusion of outcomes...