NIST is planning a significant update of its Cybersecurity Framework. At this point, it’s asking for feedback and comments to its concept paper.
- Do the proposed changes reflect the current cybersecurity landscape (standards, risks, and technologies)?
- Are the proposed changes sufficient and appropriate? Are there other elements that should be considered under each area?
- Do the proposed changes support different use cases in various sectors, types, and sizes of organizations (and with varied capabilities, resources, and technologies)?
- Are there additional changes not covered here that should be considered?
- For those using CSF 1.1, would the proposed changes affect continued adoption of the Framework, and how so?
- For those not using the Framework, would the proposed changes affect the potential use of the Framework?
The NIST Cybersecurity Framework has turned out to be an excellent resource. If you use it at all, please help with version 2.0.