While you were planning for Halloween and other fall festivities in October, I hope you didn’t miss out on National Cybersecurity Awareness Month. NIST closed out the month’s focus on cybersecurity outreach by posting the latest international use of the Cybersecurity Framework – this time by the Israel National Cyber Directorate. That success story now joins an earlier description of the Japanese Cross Sector Forum, which also has put the Framework to good use. In addition, October’s calendar listings included World Standards Day, marked by activities to raise awareness about the importance of standards across the globe – and NIST put the Cybersecurity Framework at the top of its list of things to celebrate.
For NIST, international alignment and engaging with the international community on the Cybersecurity Framework has continued to be especially important. I highlighted some of our intensifying international engagements in a previous post. We have further updates to report. To meet one of our primary goals – to expand international harmonization and alignment with the Framework –we’ve had additional engagements with other governments and international organizations every month.
In August, NIST participated in a workshop organized by our colleagues in the Department of Commerce’s International Trade Administration (ITA), which took place in Puerto Varas, Chile, during a meeting of the Asia-Pacific Economic Cooperation (APEC). Titled, “Facilitating Trade in Cybersecurity Technologies & Services Through Adherence to Globally-Recognized Cybersecurity Standards and Best Practices,” NIST explained to the APEC economic representatives the approach and value of the Cybersecurity Framework and its basis in international standards. We also highlighted our international efforts to promote greater understanding and use of the Framework.
In September, NIST teamed up with ITA in Mexico City, where we reconnected with government and industry on the Cybersecurity Framework and its approach. NIST anticipates additional follow-up conversations on ways in how the Framework is currently being used by our southern neighbor. We also joined our ITA colleagues by traveling “across the pond” as part of a cybersecurity trade mission to Copenhagen, Oslo, and Stockholm, where we presented information on and had several conversations regarding the Framework. It was encouraging to hear about growing awareness and use of the Framework in the Nordic region, and NIST is excited to continue these dialogues. Information on the objectives of the mission can be found here. A huge thank you to ITA for letting us join!
Back in this hemisphere…NIST has also been collaborating with the Organization of American States (OAS) to raise awareness about the Cybersecurity Framework. OAS, along with Amazon Web Services, published a white paper on the Framework which shares an interesting perspective of how it is being considered within the Americas. We also recently collaborated with our partners at OAS, the U.S. Chamber of Commerce, and the Department of State to host a roundtable event with representatives from member states of the OAS to discuss the Framework as well as ways it has been implemented in the U.S. financial and energy sectors. OAS has hosted other events on the Framework that we’ve participated in remotely, and we look forward to continued engagement as member states consider the Framework to bolster their approaches to cybersecurity risk management.
In a case of great timing to match October being National Cybersecurity Awareness Month – extending our special month of activities overseas ¬– and also marking World Standards Day, NIST participated in the International Organization for Standardization (ISO) ISO/International Electrotechnical Committee (IEC) JTC 1 SC 27 meetings in Paris. We are continuing discussions on Technical Specification (TS) 27101, which is a set of guidance for developing cybersecurity frameworks. TS 27101 currently incorporates elements of the Cybersecurity Framework, including language from the functions, categories, and subcategories. We and U.S. companies value the productive collaboration with our international partners as part of the open and transparent standards development process. Information on this technical specification can be found here on the ISO site.
As far as those of us working on the NIST Cybersecurity Framework are concerned, it’s always National Cybersecurity Awareness Month – and we will be out there sharing the latest on the value of the NIST Cybersecurity Framework even as we learn from others around the globe. You can track our efforts on our Framework website and by following these blogs. Of course, feel free to reach out to us with comments or suggestions at cyberframework [at] nist.gov.