CSCC Letter Response to GAO Inquiry on use of the NIST Cybersecurity Framework