The U.S. National Institute of Standards and Technology (NIST) has released Special Publication 800-18r2, which focuses on developing system-level security, privacy, and cybersecurity supply chain risk management (C-SCRM) plans. This draft is open for public comments until July 30, 2025, as NIST seeks feedback on its technical accuracy and usability.
Key Points
- NIST’s draft seeks to improve guidelines for documenting security, privacy, and supply chain risk at the system level.
- The document includes updates on automation for systems information and risk management processes.
- Guidance is expanded within NIST’s Risk Management and Privacy frameworks.
- Federal and non-federal organisations are invited to apply these guidelines with the aim of enhancing system planning efforts.
- The revision introduces content regarding security functions and roles necessary to maintain system protections.
Why should I read this?
If you’re involved in cybersecurity or system planning, this article should be on your radar! NIST’s latest draft provides crucial updates that directly impact how organisations should structure their security and privacy protocols. Plus, by engaging with this draft, you get a chance to shape the future of cybersecurity standards. Don’t miss out on the chance to make your voice heard!