Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity

This report sets out proposed United States Government (USG) strategic objectives for pursuing the development and use of international standards for cybersecurity and makes recommendations to achieve those objectives. The recommendations cover interagency coordination, collaboration with the U.S. private sector and international partners, agency participation in international standards development, standards training and education, use of international standards to achieve mission and policy objectives, and other issues. NISTIR 8074 Volume 2, Supplemental Information for the Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity provides additional background on international cybersecurity standardization.

National Institute of Standards and Technology (NIST)
Michael Hogan, Editor
Elaine Newton, Editor
Information Technology Laboratory
Office of the Director

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in Federal information systems.

Standards Developing Organizations

Cybersecurity relies upon a diverse set of standards including standards whose scopes are specific to one or more attributes of cybersecurity and standards from other domains that are relevant to cybersecurity. The U.S. standardization community is comprised largely of non-governmental Standards Developing Organizations (SDOs). These groups are primarily shaped by industry participation and are motivated by market forces. USG participation is motivated by the need to achieve cost-efficient, timely and effective solutions for mission and policy objectives. These diverse motivations are mutually beneficial.

To set out proposed United States Government (USG) strategic objectives for pursuing the development and use of international standards for cybersecurity ...

Cybersecurity: Cybersecurity is the prevention of damage to, unauthorized use of, or exploitation of, and, if needed, the restoration of electronic information and communications systems and the information contained therein to ensure confidentiality, integrity, and availability.

Resilience: Resilience is the ability of both the private sector and the government to reduce the magnitude and/or duration of disruptive events to critical infrastructure. The effectiveness of a resilient infrastructure or enterprise depends upon its ability to anticipate, absorb, adapt to, and/or rapidly recover from a potentially disruptive event.

1 Security & Safety: Enhance National and Economic Security and Public Safety

1.1 Inventory: Ensure there is a sufficient inventory of international standards that can serve as a basis for the cybersecurity and resiliency of U.S. organizations, particularly critical infrastructure.

1.2 Procurement: Use international standards as a key part of USG procurement policy to support secure and resilient operations.

1.3 USG Interests: Ensure that international standards meet the cybersecurity interests of the USG including protecting against illicit cyber activities or actions by terrorist groups and hostile nation-state actors.

2 Standards & Assessment Tools: Ensure standards and assessment tools for the USG are Technically Sound

2.1 Development & Use: Support the development and use of new standards by taking into account: the scope of standardization work of candidate SDOs, U.S. industry preferences, USG needs, and the recent track record of candidate SDOs in particular areas of cybersecurity standardization.

2.2 Soundness & Fitness: Developing technically sound and fit for purpose standards in open, transparent, and consensus-based processes, and updating as often as necessary in collaboration with the private sector.

2.3 Coordination: Supporting coordination among SDOs to avoid duplication, promote interoperability, maximize the utility of standards projects, and extend the field of application for existing standards.
Stakeholder: SDOs

2.4 Assessment Tools: Support the development and use of associated assessment tools (e.g., reference implementations, conformance and interoperability test suites) to complement timely, technically-sound standards development.

3 International Trade: Facilitate International Trade

3.1 Standards & Assessments: Support the development and use of international standards and associated assessment schemes for cybersecurity (where relevant, effective, and appropriate), which can promote international trade and provide a level playing field for U.S. companies.
Stakeholder: U.S. Companies

3.2 Market Relevance: Ensure market relevance by developing standards in response to industry, government and consumer requirements and timelines.

4 Innovation & Competitiveness: Promote Innovation and Competitiveness

4.1 Collaboration: Support the development and use of international standards in collaboration with U.S. industry, to foster open and fair competition.
Stakeholder: U.S. industry

4.2 Competitiveness & Equities: Promote the inclusion of existing and emerging technologies in international standards that boost U.S. competitiveness and ensure that USG equities are well represented in those standards.

4.3 Performance Standards: Encourage the development and use of performance standards for cybersecurity, where appropriate.
Performance standards generally are more likely to encourage innovation and enable competition than prescriptive design standards. Prescriptive design standards are sometimes necessary, however, particularly for describing test methods or procedures.

2015-08-26, Owen Ambur, Owen.Ambur@verizon.net