Alice Fakir, a federal cybersecurity services partner at IBM, said the updated version of the National Institute of Standards and Technology’s Cybersecurity Framework puts a focus on timeliness and reporting, as well as on managing supply chain and third-party risks, FedTech reported Wednesday.
“This updated framework is calling for better awareness and improvement of security controls around supply chain and third-party risk, but adding that layer of communication is critical,” Fakir said.
Cybersecurity Framework 2.0 highlights the need for organizations to set up supply chain risk programs and implement a comprehensive risk management program, and it outlines new steps to ensure effective information-sharing practices across the federal government regarding these programs.
“It’s providing a broader set of activities that are required so that you can manage your third-party engagement, whereas before it was a very myopic view of managing security of an application that sits within a specific environment,” Fakir said.
“What’s so significant about this new update to the risk management framework is a bigger focus on third-party risk management and supply chain risk management,” she added.
In February, NIST released CSF 2.0, which comes with a reference tool that allows users to search, view and export data from the framework’s core guidance in human-consumable and machine-readable formats.