As we have seen several times in this text, periodically new guidance or regulations are developed and disseminated which may require new security controls or which may introduce a new approach to addressing elements of cybersecurity. An example of this are the various Executive Orders that have been discussed. Another example is the NIST Cyber Security Framework which provided an organized approach for organizations to deal with security. What might be some other guidance or documents that might impact the way that the CCSMM is implemented.
Another item that was introduced by the DHS Cybersecurity and Infrastructure Security Agency (CISA) was the identification of 55 National Critical Functions. The definition of a National Critical Function from the DHS Website on the subject is:
The functions of government and the private sector so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. [DHS 2019]