Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

RFI related Frequently Asked Questions

Questions can be submitted to: CSF-SCRM-RFI [at] (CSF-SCRM-RFI[at]nist[dot]gov)

NIST requests that responses be returned by April 25, 2022.

RFI responses can be submitted at by entering NIST-2022-0001 in the search field and clicking the “Comment Now!” icon once the required fields have been completed. Comments can also be submitted to CSF-SCRM-RFI [at] (CSF-SCRM-RFI[at]nist[dot]gov).

The following formats are acceptable: HTML; ASCII; Word; RTF; or PDF.

Yes. All submissions, including attachments and other supporting materials, may become part of the public record and may be subject to public disclosure. NIST reserves the right to publish relevant comments publicly, unedited and in their entirety.

NIST welcomes any and all feedback. However, comments received after the deadline may not be considered for this review cycle.

NIST welcomes any and all feedback, but would greatly appreciate input to: 

  • Evaluate and improve the Cybersecurity Framework
  • Explore ways to better align the CSF with other NIST and other cybersecurity and privacy risk management resources (e.g., PF, RMF, NICE WF, SSDF,  etc.)
  • Identify and prioritize supply chain-related cybersecurity needs, including software

No workshop is scheduled yet, but NIST intends to host a workshop after the RFI period concludes; stay tuned.

From the time that the Framework was launched in 2014, NIST has said that it will be updated in order to keep it current as well as to further align it with other resources. It was last updated in 2018, and much has changed in the landscape of cybersecurity risks, technologies, and resources.

More information on the Framework can be found at:

NIICS is the National Initiative for Improving Cybersecurity in Supply Chains and its purpose is to address cybersecurity risks in supply chains. This is intended to be a wide-ranging public-private partnership which will focus on identifying tools and guidance for technology developers and providers, as well as performance-oriented guidance for those acquiring such technology. NIICS is still in its formative stage. Responses to this RFI will help to shape this initiative.

There are many ways for stakeholders to engage with NIST about cybersecurity issues. Contact and other information is available here:

Created March 1, 2022