Promoting international alignment and engaging with the international community has been an increasingly important focus for the Cybersecurity Framework effort. Because the Framework references globally accepted standards, guidelines and practice, organizations in the United States and abroad can use it to efficiently operate in a global environment and manage new and evolving cybersecurity risks. We have been expanding our international collaboration and alignment efforts for the Framework, and believe that this increased effort can be helpful to our partners all over the world as they seek to effectively and efficiently manage their cybersecurity risks.
To this end, we have some exciting developments on the international front as the Framework moves past its five year anniversary. Since its publication in February 2014, we’ve seen translations of the Framework in various languages as well as adaptations of the Frameworks by government and industries across the globe. Starting with the Japanese translation produced by Japan’s Information-technology Promotion Agency (IPA), we have seen versions of the Framework in Italian, Hebrew, Spanish, Arabic and, most recently, Portuguese. All of these translations can be found along with the many adaptations we’ve seen of the Framework on our International Resources page. (If you are aware of others or have any questions about our international resources, please let us know!)
On March 18th, 2019, NIST took part in a roundtable session in honor of the U.S. visit of Brazil President Jair Bolsonaro and his delegation hosted by the U.S. Chamber of Commerce. During the event, the Chamber, in conjunction with the Brazil-U.S. Business Council, took the opportunity to announce that it had produced the Portuguese translation of the Framework. During the event, the NIST team provided an overview of the Framework and highlighted the great collaboration we have had since meeting with Brazilian government and industry representatives in a September 2018 visit to the country organized by our colleagues at the U.S. International Trade Administration (ITA) to meet with government and industry in Brazil. That visit culminated in a cybersecurity event attended by more than 70 government and industry representatives that featured NIST on a government panel. We’ve had several productive follow-on conversations with Brazilian colleagues on use of the Framework, including how to apply it from a financial sector perspective. We also appreciated the chance to visit Brasilia in May 2019 to join colleagues from government and industry in a both a roundtable event organized by ITA to further discuss the Framework and a cybersecurity risk management workshop hosted by Brazil’s Cyber Defense Command to continue the dialogue on the Framework and how it can be implemented in various critical infrastructure sectors. We look forward to continuing this engagement!
Since the release of Version 1.1 of the Framework in April 2018, we have increased our bilateral dialogues with international partners on the Framework, and we intend to continue to pick up the pace even more. We’re grateful to our colleagues at the Organization of American States (OAS) and ITA for presenting us with opportunities to speak and engage with a range of organizations in the Latin America region. With Spanish and Portuguese translations now available, NIST expects to increase our engagement in that region. We would love to hear more about interest in the Framework in Latin America.
More broadly, we’ll continue to highlight international use cases and developments on our web site and in our public engagements. Following up on a well-received panel discussion at the November 2018 Cybersecurity Risk Management Conference that featured panelists discussing uses of NIST’s cybersecurity publications and tools by Bermuda, Israel, Switzerland, Uruguay, and the United Kingdom, we plan to highlight the use cases in which the Framework and other NIST documents are leveraged abroad. We also will continue to highlight international success stories, like Japan’s use of the Framework for the Japanese Cross-Sector Forum, which Nippon Telegraph and Telephone (NTT) explained at the 2018 conference.
You can follow our international efforts on our web site – and feel free to reach out to us with comments or suggestions at cyberframework [at] nist.gov.
Amy Mahn, International Policy Specialist, NIST
Amy Mahn is currently an international policy specialist in the Applied Cybersecurity Division at the National Institute of Standards and Technology. Amy’s primary focus in this role is support of the international aspects and alignment of the Framework for Improving Critical Infrastructure Cybersecurity. Amy previously worked eleven years at the Department of Homeland Security in various roles, including international policy coordination in cybersecurity and critical infrastructure protection.