Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Picking Up the Framework’s Pace Internationally

By: Amy Mahn
Graphic image of the world created by small icons representing security
Credit: Shutterstock

Promoting international alignment and engaging with the international community has been an increasingly important focus for the Cybersecurity Framework effort.  Because the Framework references globally accepted standards, guidelines and practice, organizations in the United States and abroad can use it to efficiently operate in a global environment and manage new and evolving cybersecurity risks.  We have been expanding our international collaboration and alignment efforts for the Framework and believe that this increased effort can be helpful to our partners all over the world as they seek to effectively and efficiently manage their cybersecurity risks.

To this end, we have some exciting developments on the international front as the Framework moves past its five-year anniversary. Since its publication in February 2014, we’ve seen translations of the Framework in various languages as well as adaptations of the Frameworks by government and industries across the globe. “Starting with the Japanese translation produced by Japan’s Information-technology Promotion Agency (IPA), we have seen the Framework both translated and adapted in several languages, including Italian, Hebrew, Spanish, Arabic and, most recently, Portuguese.  All of these translations and adaptations can be found on the Framework on our International Resources page.  

 (If you are aware of others or have any questions about our international resources, please let us know!)

On March 18th, 2019, NIST took part in a roundtable session in honor of the U.S. visit of Brazil President Jair Bolsonaro and his delegation hosted by the U.S. Chamber of Commerce. During the event, the Chamber, in conjunction with the Brazil-U.S. Business Council, took the opportunity to announce that it had produced the Portuguese translation of the Framework. The NIST team provided an overview of the Framework and highlighted the great collaboration we have had since meeting with Brazilian government and industry representatives in a September 2018 visit to the country organized by our colleagues at the U.S. International Trade Administration (ITA) to meet with government and industry in Brazil.  That visit culminated in a cybersecurity event attended by more than 70 government and industry representatives that featured NIST on a government panel. We’ve had several productive follow-on conversations with Brazilian colleagues on use of the Framework, including how to apply it from a financial sector perspective.  We also appreciated the chance to visit Brasilia in May 2019 to join colleagues from government and industry in both a roundtable event organized by ITA to further discuss the Framework and a cybersecurity risk management workshop hosted by Brazil’s Cyber Defense Command to continue the dialogue on the Framework and how it can be implemented in various critical infrastructure sectors.  We look forward to continuing this engagement! 

Since the release of Version 1.1 of the Framework in April 2018, we have increased our bilateral dialogues with international partners on the Framework, and we intend to continue to pick up the pace even more. We’re grateful to our colleagues at the Organization of American States (OAS) and ITA for presenting us with opportunities to speak and engage with a range of organizations in the Latin America region.  With Spanish and Portuguese translations now available, NIST expects to increase our engagement in that region. We would love to hear more about interest in the Framework in Latin America.

More broadly, we’ll continue to highlight international use cases and developments on our website and in our public engagements.  Following up on a well-received panel discussion at the November 2018 Cybersecurity Risk Management Conference that featured panelists discussing uses of NIST’s cybersecurity publications and tools by Bermuda, Israel, Switzerland, Uruguay, and the United Kingdom, we plan to highlight the use cases in which the Framework and other NIST documents are leveraged abroad.  We also will continue to highlight international success stories, like Japan’s use of the Framework for the Japanese Cross-Sector Forum, which Nippon Telegraph and Telephone (NTT) explained at the 2018 conference.

You can follow our international efforts on our website – and feel free to reach out to us with comments or suggestions at cyberframework [at] (cyberframework[at]nist[dot]gov).

About the author

Amy Mahn

Amy Mahn is an international policy specialist in the NIST Applied Cybersecurity Division.  Amy’s primary focus in this role is support of the international aspects and alignment of the Framework for Improving Critical Infrastructure Cybersecurity. Amy previously worked eleven years at the Department of Homeland Security in various roles, including international policy coordination in cybersecurity and critical infrastructure protection within the National Protection and Programs Directorate and the Office of Cyber, Infrastructure and Resilience Policy.

Related posts


Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.