A lot has changed for all of us over the last year as the result of the pandemic. In the NIST Information Technology Laboratory (ITL), we have continued our international engagement in new and creative ways, leading to more robust and meaningful discussions with our stakeholders. It’s more critical than ever for NIST to work with and learn from our partners around the world, particularly in the areas of cybersecurity and privacy. We’re excited to share some updates in these areas and look forward to more collaboration in coming months!
Translations of key documents often are an essential step to improved collaboration. At the forefront are the numerous translations we’ve seen of the NIST Cybersecurity Framework (CSF), which can be found here. Thanks to the support of the State Department, we are now able to offer Spanish and Portuguese translations of some of our other key cybersecurity and privacy resources that we hope will be of benefit to our colleagues throughout the world. Translations of NIST’s Privacy Framework, which celebrated its one year anniversary recently, can be found here. We also have translations of the 2017 version of the NICE Framework here. Additionally, translations of key IoT cybersecurity documents are available, including NISTIR 8228: Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks; NISTIR 8259: Foundational Cybersecurity Activities for IoT Device Manufacturers; and NISTIR 8259A: IoT Device Cybersecurity Capability Core Baseline.
Participation in international standards development organizations continues to be an important focus area for us. We’re thrilled that the International Standards Organization (ISO), in conjunction with the International Electrotechnical Commission (IEC) recently published ISO/IEC 27110: Information technology, cybersecurity and privacy protection — Cybersecurity framework development guidelines. This technical specification provides guidelines for developing a cybersecurity framework. It specifies that all cybersecurity frameworks should include concepts that align with the CSF’s five functions: Identify, Protect, Detect, Respond, Recover. Right from the start of the CSF’s development, many of our stakeholders stressed to use the importance of ensuring that the Framework be consistent with approaches used outside the U.S., and this specification goes a long way to meeting those needs.
Although we have not been able to travel to meet with our counterparts elsewhere around the globe, we have maintained momentum through virtual discussions at the Asia Pacific Economic Cooperation (APEC) organized by the International Trade Administration. We are also offering our international partners an opportunity to highlight their perspectives on cybersecurity and privacy through online forums and videos. Those will include examples of how they use NIST resources. We will share these perspectives in the near future and regularly update you on these views from abroad. Meanwhile, please check out our new NIST Cybersecurity & Privacy stakeholder engagement web page, which highlights the many ways in which you can keep track of, participate in, and offer us your views about our priorities and efforts. Find it here.
Teaming with the Center for Cybersecurity Policy and Law, we’re developing and hosting a series of virtual events that will carry forward the goals of NIST’s Advancing Cybersecurity Risk Management Conference, which we had to put on hold due to the pandemic. This series will stress the importance of managing cybersecurity risks – including in the broader context of enterprise risk management – and the use and continued development of the NIST Cybersecurity Framework and corresponding international standards. The first webinar will take place on May 25th and will focus on the importance of international interoperability of cybersecurity frameworks that underpin national cybersecurity policy, regulation, and legislative development. This event will also highlight how ISO/IEC documents can serve as the shared starting point for cybersecurity frameworks internationally. Registration is open now, and we look forward to seeing you there!
We’ll continue to share updates on our international engagement – but please feel free to reach out to me at amy.mahn [at] nist.gov (amy[dot]mahn[at]nist[dot]gov) with any questions or suggestions. I look forward to hearing from and working with you. New ideas for improving the way we work internationally are especially welcome!