Public comments on updating the NIST Framework for Improving Critical Infrastructure Cybersecurity highlight private and public sector interest in this core foundational guidance document. Many commenters discussed the Cybersecurity Framework’s utility as a flexible, voluntary, and risk-based document that can be applied in any number of use cases. To that end, the record reflects a general agreement that the CSF is relied upon heavily and that significant changes would be disruptive to its usability and longevity. Several communications and technology trade associations sought targeted changes, such as updating the Informative References that NIST provides on its Informative Reference Catalog and mapping the CSF to additional frameworks, regulations, and standards.
Source: