Financial sector group endorses adding supply chain and governance functions in cyber framework update

The financial sector’s Cyber Risk Institute is urging the National Institute of Standards and Technology to elevate supply chain risk management to a core “function” of the cybersecurity framework, in comments on NIST’s CSF 2.0 “discussion draft” that also embrace the agency’s move to create a new “Govern” function.

“NIST’s efforts deserve much praise, as most of the proposed changes constitute marked improvement. Notably, the addition of the ‘Govern’ function is an important upgrade,” CRI says in comments submitted...