Legislation would require NIST to develop outcome-based metrics to demonstrate effectiveness of the NIST Cybersecurity Framework. The bill is scheduled to be considered – and likely amended – at a markup session of the House Science, Space and Technology Committee on March 1. Cybersecurity expert Herbert Lin questions whether it’s possible to develop viable metrics for the framework. Legislation also calls for a template on how organizations should use the framework and recommend procedures for streamlining and harmonizing existing and future cybersecurity-related requirements.”]
Source: https://www.cuinfosecurity.com/bill-seeks-metrics-for-nist-cybersecurity-framework-a-9744