The National Institute of Standards and Technology (NIST) announced it planned to update NIST IR 7621 Rev. 1, Small Business Information Security: The Fundamentals, and issued a pre-draft call for comment.
The announcement states, “Since NIST IR 7621 Revision 1 was published in November of 2016, NIST has developed new frameworks for cybersecurity and risk management and released major updates to critical resources and references. This revision will focus on clarifying the publication audience, making the document more user-friendly, aligning with other NIST guidance, updating the narrative with current approaches to cybersecurity risk management, and updating appendices. Before revising, NIST invites the public to suggest changes that would improve the document’s effectiveness, relevance, and general use to better help the small-business community understand and manage their cybersecurity risk.”
NIST said it welcomes feedback and input and proposed the following list of questions and topics for consideration:
- How have you used or referenced NIST IR 7621?
- What specific topics in NIST IR 7621 are most useful to you?
- What challenges have you faced in applying the guidance in NIST IR 7621?
- Is the document’s current level of specificity appropriate, too detailed, or too general? If the level of specificity is not appropriate, how can it be improved?
- How can NIST improve the alignment between NIST IR 7621 and other frameworks and publications?
- What new cybersecurity capabilities, challenges, or topics should be addressed?
- What topics or sections currently in the document are out of scope, no longer relevant, or better addressed elsewhere?
- Are there other substantive suggestions that would improve the document?
- Are there additional appendices in NIST IR 7621, or resources outside NIST IR 7621, that would add value to the document?
The comment period closes at 12 p.m. ET on May 16. Comments should be emailed to [email protected] with “Comments on NIST IR 7621” in the subject field.