NIST is working on updates to its Cybersecurity Framework and has requested public inputs on where and what to include in this update. One area that is receiving broad support from the public is improvements in Cyber Supply Chain Risk Management (C-SCRM). Here's an excerpt from the article expressing this support:
The commenters broadly recognized the importance of cybersecurity supply chain risk management (C-SCRM), especially in light of recent security incidents. Many organizations, particularly small enterprises, recognize the importance of C-SCRM but are resource-constrained, so having a single clearinghouse for guidance, templates, tools, and information sharing would be of great benefit.