Alice Fakir, a federal cybersecurity services partner at IBM, said the updated version of the National Institute of Standards and Technology’s Cybersecurity Framework puts a focus on timeliness and reporting, and on managing supply chain and third-party risks, FedTech reported Wednesday.
“This updated framework is calling for better awareness and improvement of security controls around supply chain and third-party risk, but adding that layer of communication is critical,” Fakir said.
Cybersecurity Framework 2.0 highlights the need for organizations to set up supply chain risk programs and implement a comprehensive risk management program. It also outlines new steps to ensure effective information-sharing practices across the federal government regarding these programs.
“It’s providing a broader set of activities that are required so that you can manage your third-party engagement, whereas before it was a very myopic view of managing security of an application that sits within a specific environment,” Fakir said.
“What’s so significant about this new update to the risk management framework is a bigger focus on third-party risk management and supply chain risk management,” she added.
In February, NIST released CSF 2.0, which comes with a reference tool that allows users to search, view and export data from the framework’s core guidance in human-consumable and machine-readable formats.