For the past many months, NIST has taken advantage of the shift to online events to deepen our international engagement. NIST looked overseas as we kicked off our virtual Cybersecurity Risk Management webinar series in May, along with our co-hosts from the Center for Cybersecurity Policy and Law. The event on May 25 drew registrants from over 70 countries and we shared and heard perspectives on international cybersecurity risk management. The event featured a panel discussion with speakers from Microsoft, NTT, the National Cyber Security Centre Ireland, and NIST focusing on the release of Technical Specification 27110: Information technology, cybersecurity and privacy protection — Cybersecurity framework development guidelines published by the International Organization for Standardization (ISO), in conjunction with the International Electrotechnical Commission (IEC) in February 2021. As noted in a recent international engagement update, this technical specification provides guidelines for developing a cybersecurity framework, including the consideration of concepts that align with the NIST Cybersecurity Framework’s (CSF) five functions: Identify, Protect, Detect, Respond, Recover. The event also included a fireside chat with participants from the National Cyber Security Centre UK, the Global Forum on Cyber Expertise Foundation, and Rapid7 to further explore these themes. If you were unable to attend, you can view the recording here.
We also co-hosted a virtual event open to our stakeholders throughout the world on August 4 focusing on Cyber Supply Chain Risk Management. Senior leaders at NIST and the Office of Management and Budget (OMB) provided updates on the tasks in the President’s May 12 executive order on strengthening cybersecurity related to supply chain security and discussed the work of the Federal Acquisition Security Council (FASC). Additionally, panels comprising government and industry professionals from NIST, the Office of the Director of National Intelligence (ODNI), Lumen, and Microsoft discussed their efforts to help federal agencies manage cybersecurity risks to supply chains. Other experts from industry, including Intel, ITI, and Palo Alto, highlighted some of the best practices they use to secure their own supply chains as well as those of their customers. If you missed it, please check out the recording of the event here. Information on the next event in the series will be available soon.
The NIST CSF increasingly is being used around the world. The Israel National Cyber Directorate (INCD) leveraged the CSF for its Cyber Defense Methodology; the directorate recently released Version 2.0 of that document, which we link to on our Cybersecurity Framework international resources page. More information on the approach for developing the initial version of this methodology is also outlined in the Success Story that INCD shared.
NIST continues to add new translations to our toolkit of resources, including the latest: a Portuguese translation of the 2020 revision to the National Initiative for Cybersecurity Education (NICE) Framework (SP 800-181r1). We also now have a Bahasa Indonesian translation of the Privacy Framework. NIST participated in a workshop hosted by the International Trade Administration (ITA) this past May to discuss the Privacy Framework ahead of the release of the translation.
Recognizing the expanded international interest in NIST’s cybersecurity and privacy resources – and NIST’s efforts to engage more deeply in communications with others around the globe – stay tuned for news about updates to NIST’s webpage to offer easier access to these documents as well as links to workshops and other activities relevant to the international audience.
If you have any questions or ideas about our ongoing international engagement or how you can become more involved, please reach out to amy.mahn [at] nist.gov for more information.