Perspectives relevant for international organizations and governments of other nations.
"A lot of cybersecurity issues is still about raising awareness among people. It's still about making people aware that cybersecurity is not a state they can achieve but a process they have to execute every day again and again. And that's really the huge benefits that in this Cybersecurity Framework provided to us because it's this change of thinking.
It's not thinking of security as a state you can achieve, but it's a way of thinking security as a process. And that's really something that helped us to address the different challenges in cybersecurity."
Daniel Caduff, Deputy Head, ICT DIvision, Federal Office for National Economic Supply, Government of Switzerland
November 8, 2018 - NIST Cybersecurity Risk Management Conference
"When the NIST Cybersecurity Framework was first introduced, it was introduced at fairly senior levels, to members of Cabinet. And they were very responsive to that. And they were very impressed that this was a framework that was endorsed and developed by the US federal government. And they were also impressed by the alignment with other standards such as COBIT and ISO, for example."
Stewart Daniels, Security Manager, Department of Information and Digital Technologies, Government of Bermuda
November 8, 2018 - NIST Cybersecurity Risk Management Conference
"Since the NIST Cybersecurity Framework is globally applied, it has helped the Cross-Sector Forum have a shared language among different industry sectors and facilitated our comprehensive discussions between member companies in Japan and their subsidiaries outside Japan.”
Koji Ueno, Chairperson, Japanese Cross-Sector Forum
October 2018 – Framework Success Story
“The value of the NIST Cybersecurity Framework cannot be overstated for our organization, as the Framework has provided a common language to organize and communicate about our events, cybersecurity certifications, and training offerings.”
Frank Downs, Director of Cybersecurity Practices, ISACA
October 2018 - Framework Success Story
"NIST CSF is very successful and easy when it comes to implementation and helped us to conform to many cyber security regulatory requirements....The industry is well versed with CSF structure of implementation and informative references provides scope to consider different frameworks."
Dr. Kuljeet Kaur, IT System Administrator / Security Officer at Opus Fund Services
December 18, 2018 - Privacy RFI Response
“We are encouraged to see updates to Draft 2 that will broaden the use of the CSF and continue to reinforce its organizational-, sector-, and country-agnostic approach to cybersecurity risk management and resilience.”
John Britton, Sr. Strategist, Amazon Web Services
January 18, 2017 - AWS RFC Response
“This is a powerful and flexible framework that I see being adopted globally.”
Lance Spitzner, Director, SANS Securing The Human
December 16, 2017 – SANS RFC Response
“BSI applauds NIST for their continued quest to meet the objectives of continual improvement and international harmonization. This new draft is a prime example of both.”
John DiMaria, Global Product Champion for Information Security and Business Continuity, BSI
January 1, 2018 – BSI Group RFC Response
“CTA strongly supports the Framework as a tool for managing cyber risk. It has become a valuable reference document not just within the U.S., but globally, and we believe it is very important to continue to build on the original quality product.”
J. Michael Daniel, President & CEO, Cyber Threat Alliance (CTA)
January 19, 2018 – CTA RFC Response
“TIA has participated in NIST’s process since the Framework’s inception and is pleased to see the Framework continue to gain popularity as an invaluable resource for cybersecurity risk management across sectors and internationally….In the few years since its publication, the tangible, voluntary nature and utility of the Framework has led to its use beyond the scope of the critical infrastructure organizations for which it was originally conceived. Such use is indicative of the success of the Framework as a burgeoning cybersecurity risk management tool.”
Savannah Schaefer, Policy Counsel, Government Affairs Telecommunications Industry Association (TIA)
January 19, 2018 – TIA RFC Response
“The framework continues to provide much needed cohesion among national and international stakeholders in every sector.”
Rob Arnold, Founder & CEO, Threat Sketch
January 19, 2018 – Threat Sketch RFC Response
"Awareness of CSF is increasing, and foundation for international collaboration is being built in Japan….since many corporate executives in Japan are aware of METI's Guideline, it is expected that awareness of NIST CSF among Japanese senior executives will increase….[An April 2017 Information Promotion Agency survey] shows 33% of Japanese companies 'refer to or use' NIST CSF….[a] Cross Sector Forum where 30+ Japanese blue chip companies from different industries have had multiple study-sessions on CSF."
Shinichi Yokohama, Head, Cyber Security Integration, NTT Corporation
January 18, 2018 – NTT Corporation RFC Response
“The NIST Framework is an invaluable tool that helps fills a gap in the need to secure cybersecurity. IFIA supports NIST’s effort to continuing improving it based on stakeholder input….”
Roberta Telles, Executive Director Americas and Hanane Taidi, Director General International, International
Federation of Inspection Agencies (IFIA)
January 19, 2018 – IFIA RFC Response
“The Cybersecurity Framework is increasingly being adopted by a full range of critical infrastructure and other organizations, both in the US and internationally. The flexibility built into the Framework recognizes that different organizations have diverse business and cybersecurity priorities, and face a range of distinct threats. The Framework provides a common lexicon for communicating cybersecurity threats both within and across organizations, and it promotes continuous assessment and improvement.”
CA Technologies
January 19, 2018 – CA Technologies RFC Response
“The adoption of a common cross-sector cybersecurity framework, such as the US’s National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity can support the development of a comprehensive cybersecurity framework and create efficiencies, facilitate communication across energy supply chains and stakeholders, and locate key areas of cyber risk management….Governments can also drive the establishment of cybersecurity standards. For example, the US NIST Cybersecurity Framework was developed with a view to international adoption; there is value for companies to have a globally consistent framework and standard to avoid confusion, duplication of effort, and/or conflicting expectations.”
World Energy Council - World Energy Perspectives, The Road to Resilience, 2016 (p. 25)
“The mutual fund industry, represented by the Investment Company Institute (ICI), regularly shares information on threats and mitigation strategies via meetings of its Chief Information Security Officer Advisory Committee. ICI hosts one-day Cybersecurity Forums involving ICI members, security vendors, consultants, and law enforcement entities in the United States and London. In addition, ICI developed a detailed cybersecurity survey for its members, which has shown that many firms’ cybersecurity programs are consistent with the framework and that most companies use an amalgam of standards and guidelines in developing and maintaining their information security programs.”
U.S. Chamber of Commerce
February 9, 2016 – US Chamber of Commerce RFI Response
Resources related to this user group.