Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Request for Information | Evaluating and Improving NIST Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management
February 22, 2022

Also see the NIST news article, NIST Seeks Input to Update Cybersecurity Framework, Supply Chain Guidance.


NIST is seeking information to assist in evaluating and improving its cybersecurity resources—including the widely-used NIST Cybersecurity Framework (CSF) and a variety of existing and potential standards, guidelines, and other information. That includes guidance relating to improving cybersecurity in supply chains. Your comments and feedback can make a big difference! There are two areas NIST would like your feedback on:

Evaluating and Improving the NIST Cybersecurity Framework (CSF)

NIST is seeking information about the use, adequacy, and timeliness of the CSF – and the degree to which other NIST resources (e.g., the Privacy Framework, Risk Management Framework, Secure Software Development Framework, and NICE Workforce Framework) are used in conjunction with, or instead of, the CSF. NIST also wants to better understand opportunities for greater alignment and harmonization of the CSF with other resources. This will help NIST provide even more effective support to organizations as they manage different types of cybersecurity risks.

NIST also seeks information about challenges that may prevent organizations from using the CSF or using it more easily or extensively (e.g., resource considerations, organizational factors, workforce gaps, or complexity). Ultimately, NIST wants to better understand how the CSF is being used today—along with recognizing what’s working and what could work better.

Evaluating and Improving Cybersecurity Supply Chain Risk Management

NIST is also seeking information on the challenges organizations are facing from a technology supply chain perspective to inform a public-private partnership, the National Initiative for Improving Cybersecurity in Supply Chains (NIICS). NIST requests information about needed tools and guidance and how NIICS might be aligned and integrated with the CSF. This information will help NIST to identify and prioritize supply chain-related cybersecurity needs across sectors.

How to Comment?

Visit our website to view the RFI and for details on how to submit your comments by 04/25/2022.


Please also join us on February 24, 2022 at 3:00 PM ET for a NCCoE Learning Series Fireside Chat – A Look at the Cybersecurity Framework: Where We’ve Been, Where We Are, and Where We’re Going to hear more about this RFI, the evolution of the Framework, and NIST’s future plans.

Questions about this RFI? Contact:

Federal Register Notice

Document Number: 2022-03642
Created February 15, 2022, Updated February 25, 2022