October 28, 2020
Industry raises concerns with NIST approach to supply-chain risks in cyber framework update
Industry groups across sectors are raising concerns with various aspects of the National Institute of Standards and Technology's approach to managing supply-chain risks in a proposed update to the voluntary framework of cybersecurity standards.
Specifically, groups say the NIST plan fails to take into account the interconnectedness of vendor services and downplays the potential effect on small businesses, among other issues.
More than 100 industry groups submitted comments to NIST on its proposed update of the cybersecurity framework – “version...