Global Appeal of NIST Cyber Framework Leads to Multiple Translations, Possible Updates

peshkov/Getty Images

The National Institute of Standards and Technology aims to ensure its forthcoming update to the cybersecurity guidance remains a flexible playbook domestic and international entities can adopt.

The future of the National Institute of Standards and Technology’s Cybersecurity Framework is global, as ally nations are beginning to utilize the U.S.-made cybersecurity guidance to secure its growing digital assets. 

Two policy leaders from NIST, International Policy Specialist Amy Mahn from the Applied Cybersecurity Division and Senior Technology Policy Advisor Cherilyn Pascoe, discussed the scope of the agency’s definitive Cybersecurity Framework at the RSA Conference on Thursday. 

Among the goals of the Cybersecurity Framework is to encourage widespread adoption of its recommendations to better fortify public and private sector digital networks. 

“They [cybersecurity recommendations] provide a list of outcomes of what we hope an organization will achieve when it comes to cybersecurity,” Pascoe said. “The framework can be used as…a strategic document to help an organization do a gap analysis and determine kind of where they want to go in their cybersecurity program.”

Adoption of the framework is voluntary, but Mahn mentioned that NIST’s work has garnered global attention, resulting in the translation of the framework into nine official languages to support diverse interest in cybersecurity.

“We've had individuals who have approached us saying they found value from the framework and translated it into their native language,” Mahn said. “We're continuing that process and have several more that we hope to release soon and are very excited to have those available to help with this uptake and use of the framework throughout the world.”

Mahn used Japan and Italy as examples of countries who have reviewed NIST’s guidance and incorporated it into their national policies. She added that as NIST looks to continue updating and refining the guidance, how it is utilized abroad can provide insight into necessary changes. 

“These are going to be very helpful for us to examine and consider as we do our update, and we are definitely interested in learning from the challenges and successes of our partners who have used the framework and new and different ways.”

International partnerships have been touted as a crucial component in developing policy for emerging technologies, especially in developing common standards for ethical and secure usage.

“Another area where we have been engaging with our partners internationally is in the standards development area,” Mahn said. “We've worked closely with partners and contributed to a number of documents that leverage and reference the CSF [Cybersecurity Framework].”

International use cases and outcomes could inform the changes NIST is set to make for its forthcoming update to the guidance, CSF 2.0. Mahn said that overall, users have found the guidance to be “very effective and beneficial” to managing cybersecurity risk, but added that NIST leadership is looking to hear more about how organizations are leveraging the guidance to further improve integration.

“So we want to ensure 2.0 makes it even easier for users to leverage and reference different work documents that NIST has in order to manage their risks,” Mahn said. “We want to make sure that 2.0 reflects these changes in technology and cybersecurity risks and remains something that can be applicable across a wide variety of technologies, information and operational and be flexible enough for new and emerging types of technologies.”

A draft of the 2.0 version is slated to debut later this summer.