December 2, 2023
ITI suggests tweaks in CSF 2.0 update to incorporate supply chain outside of new ‘Govern’ function
The Information Technology Industry Council is largely supportive of NIST’s update to the cybersecurity framework in comments on the final draft, while offering suggestions on how to incorporate supply chain more broadly in various categories.
The tech group says they are in favor of NIST moving forward with integration of supply chain risk management into the CSF 2.0 update “more holistically” by creating categories throughout the framework functions. ITI argues, “in practice C-SCRM is something that should be integrated across...