HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

NIST Requests Comments on How to Improve its Cybersecurity Framework

The National Institute of Standards and Technology (NIST) is seeking feedback on the usefulness of its Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework) and suggestions on any improvements that can be made.

The NIST Cybersecurity Framework was released in 2014 to help public and private sector organizations implement cybersecurity standards and best practices to improve their cybersecurity posture, better defend against cyber threats, and quickly identify and respond to cyberattacks in progress to limit the harm that can be caused. The NIST Cybersecurity Framework is considered the gold standard for cyber threat management; however, that does not mean improvements could not be made.

The last update to the Cybersecurity Framework occurred in April 2018 and the past four years have seen considerable changes to the cybersecurity threat landscape. New threats have emerged, the tactics, techniques, and procedures used by cyber threat actors have changed, there are new technologies and security capabilities, and more resources are available to help with the management of cybersecurity risk. NIST is now considering updating its Framework again to take these factors into account.

The NIST Cybersecurity Framework has been adopted by many healthcare organizations to improve cybersecurity, but some healthcare organizations have faced challenges implementing the Framework and currently fewer than half of healthcare organizations are adhering to NIST standards. NIST wants to learn about the challenges organizations have faced implementing the Framework and the commonalities and conflicts with other non-NIST frameworks and approaches that are used in conjunction with the NIST Cybersecurity Framework. There may be ways of improving alignment or integration of those approaches with the NIST Cybersecurity Framework. NIST wants suggestions on changes that could be made to the features of the Framework, features that should be added or removed, and any other ways that NIST could improve the Framework to make it more useful.

In addition to feedback on the Cybersecurity Framework, NIST has requested comments on possible improvements to other NIST guidance and standards, including its guidance on improving supply chain cybersecurity. NIST recently announced that it would launch the National Initiative for Improving Cybersecurity in Supply Chains (NIICS) to address cybersecurity risks in supply chains. NIST has requested comments on challenges related to the cybersecurity aspects of supply chain risk management that could be addressed by the NIICS, and whether there are currently gaps in existing cybersecurity supply chain risk management guidance and resources, including the application of those resources to information and communications technology, operational technology, IoT, and industrial IoT.

NIST has requested all comments be submitted by April 25, 2022.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.