A new report by an interagency working group details objectives and recommendations to enhance the U.S. government's coordination and participation in the development of international cybersecurity standardization. Ultimately, implementation of the recommendations will help foster the development, and success, of a comprehensive cybersecurity standardization strategy in the United States.
The National Institute of Standards and Technology (NIST), an American National Standards Institute (ANSI) member, seeks public comments on the report by September 24, 2015.
The drafted Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity includes recommendations for interagency coordination, collaboration with the U.S. private sector and international partners, agency participation in international standards development, standards training and education, use of international standards to achieve mission and policy objectives, and other issues. Intended to help achieve USG strategic objectives in cybersecurity, these recommendations could also provide the basis for guidance from White House leadership to federal agencies.
The NSC Cyber Interagency Policy Committee's International Cybersecurity Standardization Working Group for the Administration authored the document, which will serve as the basis of a required report to Congress. As NIST reports, the draft is an action following the Cybersecurity Enhancement Act of 2014, which required NIST to collaborate with relevant federal agencies to "ensure interagency coordination in the development of international technical standards related to information system security" and to "ensure consultation with appropriate private stakeholders."
A supplementary draft provides a guide to understanding cybersecurity standards, highlighting why they are critical and providing a list of standards developing organizations (SDOs) and their involvement.
Access the draft, the supplementary guide, and comment templates on the NIST site.
As coordinator of the U.S. standardization system, ANSI encourages its members and stakeholders to review the document and submit comments by the requested deadline. There are many standards developing organizations working in the cybersecurity space, and these perspectives will be critical in helping NIST to advance its efforts in this area.
In addition to the work that the SDO community is doing, ANSI itself has been engaged in cybersecurity initiatives for many years. The topic has been an area of focus for the Homeland Defense and Security Standardization Collaborative. ANSI has also partnered with the Internet Security Alliance on a number of cybersecurity projects: an action guide for CFOs in 2008, a follow-up implementation framework in 2010, and a separate report focused on enhanced security for protected health information in 2012. And many key cybersecurity standards are developed by JTC 1, the joint committee of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that focuses on information technology. ANSI is the secretariat for JTC 1, and the U.S. also holds the chairmanship, with Karen Higginbottom of HP currently serving her third term in the role.
During this year's World Standards Week, ANSI's International Policy Committee (IPC) and Company Member Forum (CMF) will also address the broad topic of cybersecurity.