Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

International Resources

General

Critical Infrastructure

SMB

International

Federal

Assessment & Auditing

SLTT

Academia

Resources relevant for international organizations and governments of other nations. NIST has not verified the accuracy of translations of the Cybersecurity Framework.

Translations

A direct, literal translation of the language of Version 1.0 or 1.1 of the Framework. No content or language is altered in a translation.

  • Arabic Translation of the NIST Cybersecurity Framework V1.1 (Page Not in English)
    • Translated by Ali A. AlHasan, PMP, CISSP,CISA, CGEIT, CRISC, CISM and Ali AlHajj.  Reviewed by Schreiber Translations, INC (STI).  Not an official U.S. Government translation.
  • Bulgarian Translation of the NIST Cybersecurity Framework V1.1 (Page Not in English) 
    • Translated by Professor Vladimir Dimitrov, University of Sofia, Bulgaria. Reviewed by Global Language Translation and Consulting (GLTac). Not an official U.S. Government translation.
  • Japanese Translation of the NIST Cybersecurity Framework V1.1 (Page not in English)
    • This is a direct translation of Version 1.1 of the Cybersecurity Framework produced by the Japan Information-technology Promotion Agency (IPA).
  • Portuguese Translation of the NIST Cybersecurity Framework V1.1
    • Translated courtesy of the US Chamber of Commerce and the Brazil-US Business Council.  Not an official U.S. Government translation.
  • Spanish Translation of the NIST Cybersecurity Framework V1.1  
    • The Spanish language Cybersecurity Framework Version 1.1 was translated under government contract.

Adaptations

A version of the Framework that substantially references language and content from Version 1.0 or 1.1 but incorporates new, original content. An adaptation can be in any language.

  • Israel’s Cyber Defense Methodology For An Organization
    (A document developed by The National Cyber Security Authority (NCSA) for the protection of Cyberspace in the public interest.)
  • Italy's National Framework for Cyber Security (Documents available in Italian and English)
    (A strategy, which derives much of its content from Version 1 of the Cybersecurity Framework, aims to provide organizations a homogeneous and voluntary approach to manage cybersecurity risks.)
  • Ontario Cyber Security Framework: https://www.oeb.ca/sites/default/files/Ontario-Cyber-Security-Framework-20171206.pdf
    (A Framework developed by the Ontario Energy Board (OEB) and is used as the common basis for assessing and reporting capability to the OEB.)
  • Scotland's Public Sector Action Plan 2017-2018
    (This adaptation, the “Safe, Secure and Prosperous: A Cyber Resilience Strategy for Scotland” Public Sector Action Plan 2017-2018, was developed in partnership by the Scottish Government and the National Cyber Resilience Leaders’ Board (NCRLB). This adaptation sets out the key actions that the Scottish Government, public bodies and key partners will take up to the end of 2018 to further enhance cyber resilience in Scotland’s public sector.)
  • Uruguay's Cybersecurity Framework v4.0 (Page not in English)
    (A Framework produced by the Agency Electronic Government and Information Society and Knowledge (AGESIC) within the Government of Uruguay.)

Additional Guidance

  • Australian Securities and Investments Commission’s (ASIC) Report 651 - Cyber resilience of firms in Australia’s financial markets: 2018–19
    (This report identifies key trends from self-assessment surveys completed by financial markets firms and highlights existing good practices and areas for improvement.)
  • Baltic and International Maritime Council (BIMCO) Ship Guidelines The Guidelines on Cyber Security Onboard Ships
    (Developed by several international organizations, this resource is a set of guidelines designed to assist companies in formulating their own approaches to cyber risk management onboard ships.)
  • Coalition to Reduce Cyber Risk’s (CR2) Seamless Security: Elevating Global Cyber Risk Management Through Interoperable Frameworks
    (A white paper promoting cybersecurity risk management, the use of international standards and interoperable national cyber frameworks as the best approach to improving cybersecurity outcomes globally.)
  • The ECSO Cybersecurity Market Radar
    (A comprehensive visualization tool, representing the European-based cybersecurity product vendors, service providers and consultancy offerings.)
  • OAS & AWS's NIST Cybersecurity Framework White Paper
    (Addresses the main advantages and opportunities offered by the NIST methodology for cyber risk management in all technology services.)
  • Switzerland's Information and Communications Technology (ICT) Minimum Standard (Page Not in English)
    (This minimum standard was developed by Switzerland’s Federal Office for National Economic Supply (FONES). The Minimum ICT Standard serves as a recommendation and potential guide to improving ICT resilience.  While it is aimed in particular at operators of critical infrastructures, it is applicable to any business or organization and is freely available.)
  • United Kingdom’s Cabinet Office Minimum Cyber Security Standard
    (A minimum standard developed in collaboration with the UK government and National Cyber Security Centre (NCSC). This document defines the minimum security measures that UK Departments shall implement with regards to protecting their information, technology and digital services to meet their SPF and National Cyber Security Strategy obligations.  The SPF provides mandatory protective security outcomes that all Departments are required to achieve.)
  • United Kingdom’s National Cyber Security Centre NIS Guidance Collection
    (A set of guidance from the UK National Cyber Security Centre (NCSC) and Department of Culture, Media and Sport (DCMS) for meeting requirements for the Network and Information Systems (NIS) Directive.)
  • United Kingdom’s National Cyber Security Centre Risk management collection
  • United Nations' International Maritime Organization  Guidelines on Maritime Cyber Risk
    (These guidelines provide high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vulnerabilities.)
  •  
Created February 6, 2018, Updated May 26, 2020