NIST throws light on international engagement, as agency continues work on its Cybersecurity Framework 2.0

International engagement plays a crucial role in several ongoing National Institute of Standards and Technology (NIST) efforts which include the update of the ‘Journey to the Cybersecurity Framework (CSF 2.0),’ revision of digital identity guidelines, and boosting awareness on the NIST Privacy Framework and IoT cybersecurity work. The agency has also undertaken several meetings and held workshops with international participants. 

‘One recent international engagement was a visit from a team of NIST representatives to Brussels, Belgium in March of this year. As part of this trip, NIST’s subject matter experts presented on NIST IoT cybersecurity guidance and the CSF 2.0 update at the European Union (EU) Cyber Act Conference,” Amy Mahn, international policy specialist in the NIST Applied Cybersecurity Division, wrote in a blog post. 

She added that while in Brussels, NIST also participated in a series of meetings and roundtables to share information and foster dialogue and opportunities for collaboration on key resources. “NIST briefed interagency colleagues at the U.S. Embassy, as well as our colleagues at the European Union on our cybersecurity and privacy efforts. These efforts were facilitated by the State Department and International Trade Administration (ITA) within the Department of Commerce as well as industry organizations.” 

Another critical aspect of this trip was NIST’s participation in meetings for the U.S, EU Trade and Technology Council (TTC), Mahn outlined. “A big focus of these discussions was digital identity. NIST has been leading conversations and efforts within a subgroup of TTC Working Group 1—the working group focused on Technology Standards.” 

In Brussels, NIST presented the planned content and an outline of the fourth revision to Special Publication (SP) 800-63, Digital Identity Guidelines, Mahn revealed. “We also received audience feedback during a public Roundtable Workshop hosted by the NIST-led Digital Identity Subgroup. Other topics for TTC meetings and stakeholder events throughout the week included levels of assurance and international standards.” 

She added that at NIST’s February 2023 virtual workshop on the CSF 2.0 update, participants from the Italian and New Zealand governments and the Mexican industry spoke on panels. “In addition, participants joined from several countries. We are continuing to learn and benefit from international use cases and look forward to hearing even more in the months to come as we release our full draft 2.0!” 

Mahn said the agency also continued its international engagement at the RSA Conference in April. “NIST leveraged the international audience that attends RSAC and met with various international partners to discuss the CSF update along with other NIST cybersecurity and privacy resources. NIST also delivered a presentation at the conference that focused on the CSF 2.0 update, which included information on international uptake.” 

She added that “We expressed the importance and value of international engagement during this update process and highlighted how government and industry across the world have participated in the update. We also mentioned the draft discussion core was hot off the press and out for public comment during RSAC.”

On the sidelines of these events, NIST also met with digital identity team representatives from the U.K. to discuss respective work in this area and opportunities for continued collaboration. “This topic will continue to be an important focus area for NIST and our international engagement moving forward. NIST also had discussions with the European Commission on several topics and heard from their partners about policy issues within Europe and the lessons learned from the implementation of the Network Information Security (NIS) 2 Directive,” according to Mahn. 

She added that this feedback will be valuable as NIST navigates the CSF 2.0 update. “The Cyber Resilience Act was also raised in several meetings and NIST shared information on the approach taken with Executive Order 14028 and IoT cybersecurity and cybersecurity supply chain risk management guidance. NIST has already had several follow-up conversations with the European Commission on the CRA and IoT cybersecurity and will continue to identify areas for collaboration as a follow-up to this trip.”

On home turf, Mahn said that NIST has continued to welcome visitors to the NIST campus and the National Cybersecurity Center of Excellence, including representatives from government and industry from India, France, Norway, Cote d’Ivoire, and Canada. NIST also met with delegations sponsored by the State Department’s International Visitor Leadership Program (IVLP), including groups with representatives from Uzbekistan, Vietnam, and countries across Europe. 

She added that these conversations “always provide a unique opportunity to learn from our international partners and share the work we are doing with industry across a variety of areas, including cybersecurity, 5G security, post-quantum cryptography, digital identity, artificial intelligence (AI), and many other topics.” 

NIST has also collaborated with the State Department on participation in various international dialogues, including the US-Japan Cybersecurity Dialogue and US-Switzerland Dialogue to discuss the CSF 2.0 update, IoT cybersecurity guidance, and other resources.

Earlier this month, the U.S. House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andrew Garbarino led a bipartisan Congressional Delegation (CODEL) to the Netherlands, Estonia, and the U.K. The team discussed with leaders their national cybersecurity approach and ways the countries can work together to strengthen information sharing and increase collective defense against cyber adversaries.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.