Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said the National Institute of Standards and Technology’s plans to update its Cybersecurity Framework will support CISA’s mission to ensure products sold to the government are secure by design and default, Federal News Network reported Thursday.
“The framework has served as a powerful tool for providing a common taxonomy to help organizations create cybersecurity programs that align with the organization’s risk tolerance, that enable continuous improvement and facilitate communication around complex topics using a common lexicon,” the 2023 Wash100 awardee said.
CISA’s new set of cybersecurity performance goals to guide critical infrastructure owners and businesses in implementing security measures is based on the NIST Cybersecurity Framework.
In January, NIST announced plans to improve its cybersecurity resources, including the Cybersecurity Framework, to keep pace with the ever-changing threat environment.
According to the agency, the cybersecurity landscape has significantly changed in terms of threats, capabilities and technologies since the framework was first updated in 2018.
NIST aims to incorporate new guidance and resources on supply chain risk management, governance and other areas to better help organizations manage cybersecurity risks.
Chris DeRusha, the federal chief information security officer at the Office of Management and Budget and a previous Wash100 awardee, also commended NIST’s plans, particularly the increased focus on supply chain risks.
In 2022, OMB unveiled new software supply chain security requirements for federal agencies.