Information Technology Industry Council proposes adding supply chain references to NIST cyber framework update

One way to incorporate NIST’s supply chain risk management work into the “CSF 2.0” update is to add “informative references,” according to the Information Technology Industry Council, which argues the volume of supply chain guidance developed since 2018 could create confusion among stakeholders.

NIST announced plans in February to update the cybersecurity framework through the release of a request for information. As part of the National Initiative for Improving Cybersecurity in Supply Chains (NIICS) launch, NIST asked for details on...