Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Seeks Input on International Aspects of the Cybersecurity Framework, Other Resources

By: Amy Mahn

Addressing global needs is a critical part of NIST’s work in the evolution of the Cybersecurity Framework, especially as we continue to see international adaptions and use cases to address emerging risks. Recently translated into French and Ukrainian, the Framework is now available in 10 languages, and additional translations are in the works. With a growing user base around the world, the Framework is primed for an update that draws more deeply on international viewpoints.

The recently released Request for Information (RFI) on “Evaluating and Improving NIST Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management” emphasizes the importance of international perspectives for updating NIST’s resources.  The RFI includes questions on international use of the Framework and opportunities to improve alignment or integration with other frameworks, such as international approaches like the ISO/IEC 27000-series, including ISO/IEC TS 27110. In addition to broad use by international companies, the Framework has been adapted by other countries, and the RFI asks what steps NIST should consider to ensure any update further increases international use.

The RFI also asks for feedback on ways to better align the Cybersecurity Framework with other NIST resources, including privacy risk management resources. Additionally, it seeks input on identifying and prioritizing supply chain-related cybersecurity needs.

Responses will help NIST to better understand how the Framework is being used today and better discern what’s working and what could work better.  Feedback from international partners will improve the Framework’s alignment with other approaches around the globe and help ensure that the approaches complement each other.  We encourage responses to this RFI by the April 25, 2022, deadline. More information on the request and NIST’s efforts can be found here.  

NIST continues to share information on the Cybersecurity Framework and other resources with others around the world.  Recent initiatives include:

  • Participation in the U.S.-Spain cybersecurity dialogue in Madrid with other federal government partners. 
  • Presentation on the Framework in virtual events on cybersecurity and privacy in Central America and Vietnam, facilitated by the International Trade Administration (ITA). 
  • The Cybersecurity Risk Management Virtual Event Series, co-hosted with the Center for Cybersecurity Policy and Law.  The final event on January 27, 2022, focused on quantifying and buying down cybersecurity risk.  The recording of the event can be found here

Information on upcoming events that include an international focus and are open to the public will be posted on the International Cybersecurity and Privacy Resources page.   

In addition to the many translations of the Cybersecurity Framework itself, a number of other translations will be available in coming weeks   These include:

Additional translations will continue to be posted on the International Cybersecurity and Privacy Resources page.    

For questions or to discuss opportunities for international engagement, send a message to intl-cyber-privacy [at] nist.gov (intl-cyber-privacy[at]nist[dot]gov). We are always available!

About the author

Amy Mahn

Amy Mahn is an international policy specialist in the NIST Applied Cybersecurity Division.  Amy’s primary focus in this role is support of the international aspects and alignment of the Framework for Improving Critical Infrastructure Cybersecurity. Amy previously worked eleven years at the Department of Homeland Security in various roles, including international policy coordination in cybersecurity and critical infrastructure protection within the National Protection and Programs Directorate and the Office of Cyber, Infrastructure and Resilience Policy.

Comments

Add new comment

CAPTCHA
Image CAPTCHA
Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.