Addressing global needs is a critical part of NIST’s work in the evolution of the Cybersecurity Framework, especially as we continue to see international adaptions and use cases to address emerging risks. Recently translated into French and Ukrainian, the Framework is now available in 10 languages, and additional translations are in the works. With a growing user base around the world, the Framework is primed for an update that draws more deeply on international viewpoints.
The recently released Request for Information (RFI) on “Evaluating and Improving NIST Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management” emphasizes the importance of international perspectives for updating NIST’s resources. The RFI includes questions on international use of the Framework and opportunities to improve alignment or integration with other frameworks, such as international approaches like the ISO/IEC 27000-series, including ISO/IEC TS 27110. In addition to broad use by international companies, the Framework has been adapted by other countries, and the RFI asks what steps NIST should consider to ensure any update further increases international use.
The RFI also asks for feedback on ways to better align the Cybersecurity Framework with other NIST resources, including privacy risk management resources. Additionally, it seeks input on identifying and prioritizing supply chain-related cybersecurity needs.
Responses will help NIST to better understand how the Framework is being used today and better discern what’s working and what could work better. Feedback from international partners will improve the Framework’s alignment with other approaches around the globe and help ensure that the approaches complement each other. We encourage responses to this RFI by the April 25, 2022, deadline. More information on the request and NIST’s efforts can be found here.
NIST continues to share information on the Cybersecurity Framework and other resources with others around the world. Recent initiatives include:
- Participation in the U.S.-Spain cybersecurity dialogue in Madrid with other federal government partners.
- Presentation on the Framework in virtual events on cybersecurity and privacy in Central America and Vietnam, facilitated by the International Trade Administration (ITA).
- The Cybersecurity Risk Management Virtual Event Series, co-hosted with the Center for Cybersecurity Policy and Law. The final event on January 27, 2022, focused on quantifying and buying down cybersecurity risk. The recording of the event can be found here.
Information on upcoming events that include an international focus and are open to the public will be posted on the International Cybersecurity and Privacy Resources page.
In addition to the many translations of the Cybersecurity Framework itself, a number of other translations will be available in coming weeks These include:
- Special Publication (SP-181) and SP-181 Rev 1, the National Initiative for Cybersecurity Education (NICE) Framework, translated into Ukrainian
- The Privacy Framework translated into Arabic
- “Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide” translated into Spanish and Portuguese
- “Ransomware Risk Management: A Cybersecurity Framework Profile” translated into Spanish and Portuguese
- “Getting Started with Ransomware Cybersecurity Management: Ransomware” translated into Spanish and Portuguese
Additional translations will continue to be posted on the International Cybersecurity and Privacy Resources page.
Source – NIST: Read More