Close this search box.

We are creating some awesome events for you. Kindly bear with us.

United States NIST Cyber Security Framework: Standards which work as a translational tool across the world

United States NIST Cyber Security Framework: Standards which work as a translational tool across the world

The National Institute of Standards and Technology (NIST) Cyber Security Framework was created through the White House Executive Order 13636 in 2013, calling for improving critical infrastructure cybersecurity. This came at a time where there was a convergence of operational technology with information technology.

Since the creation of the NIST Cyber Security Framework, it has been highly regarded all over the world as a tool for regulating cyber space.

To learn more about the framework, OpenGov recently spoke to Matthew Barrett, Program Manager, Cyber Security Framework, NIST, about how the infamous framework was developed with the help of public-private sector collaboration and what they are doing to improve it over time.

He took on the position of Program Manager in 2014 after Kevin Stine, who worked during the development of the framework.

“I have taken over this post over a year ago to cover this era of understanding and use of the framework,” said Mr. Barrett.

Mr. Barrett comes from a program and executive management background. He brings a unique perspective to the Cyber Security Framework team, as he is able to highlight greater concerns such as risk management.

In creating the framework, the team at NIST travelled around the United States to five different cities, aiming to reach a broad amount of perspectives on cyber security. They hosted workshops with cyber security industry professionals and experts so that they could learn what they desired from the framework.

“We tried to reach the broadest amount of perspectives possible so that the framework would be useful!” stated Mr. Barrett.

When we asked Mr. Barrett how frequent this framework is being revisited, he explained why it does not happen as often as you may think.

“NIST’s perspective is a balancing act because you do not want to burden the framework too soon. That can actually stifle adoption,” Mr. Barrett explained to us, “You want folks to have a good time to figure out understand and decide how they are going to use it. Then they can adopt and adapt it as they will, to get the most value out of it.”

Late 2015, NIST took to the cyber security industry to ask if it was time to update the framework and what things people would like to see adjusted.

To this, they have received a lot of positive feedback about the framework. In addition, over 24 foreign governments had expressed alignment with the Cyber Security Framework principles and their interest in adopting parts of it within their own policies.

“This enhances the value proposition of the Cyber Security Framework as a translational tool,” Mr. Barrett exclaimed.

The framework is built for worldwide adoption because it is overarching functions with 22 categories and 98 subcategories. At that level of abstraction, it is a universal translator for cyber security standards.

“Having a unified view of the cyber security outcome at hand is critically important to making sure cyber security hits the mark,” stated Mr. Barrett.

We asked Mr. Barrett if there are any industries which have challenges to adopting the standards set by the Cyber Security Framework. He explains that it isn’t always such a simple picture for everyone, depending on what industry they come from.

“There are industries that are more distributed by their nature, and others are more centralised. For example, the financial services industry is very centralised and thus, very easy to get information out there and back quickly,” said Mr. Barrett, “We hear good feedback from those who are decentralised, such as dams and water participants. When your mission is far removed from cyber security, once we start relaying this increasing connectedness between cyber and physical, people tend to understand and agree that we need such a framework in place.”

With the growing IoT landscape, there have been many challenges that the security industry has had to address, when it comes to security.

To this, Mr. Barrett suggested that time is repeating itself and we reach some of the same challenges as when we first approached the convergence of operational and information technology.

“The internet of things is a distributed and more commonly available version of the convergence between operational and information technology,” Mr. Barrett said, “I think that network connected dimension that came to process controlled systems overtime, represents the same issue we face with the growing landscape of IoT.”

To provide more support to organisations, NIST is working to catalogue industry resources to list on their website. From time to time, the team updates their FAQ section to provide answers to some of the most pressing questions from the industry.

As the team behind the framework is rather slim, they also try to reach out to security professionals at meetings and conferences being held across the US.

NIST has just closed its framework response window but they will use this feedback to culminate a workshop at NIST from the 6th until the 7th of April, 2016. They welcome visitors from all over the world to their workshop which will touch on the developments of the Cyber Security Framework.


Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.


CTC Global Singapore, a premier end-to-end IT solutions provider, is a fully owned subsidiary of ITOCHU Techno-Solutions Corporation (CTC) and ITOCHU Corporation.

Since 1972, CTC has established itself as one of the country’s top IT solutions providers. With 50 years of experience, headed by an experienced management team and staffed by over 200 qualified IT professionals, we support organizations with integrated IT solutions expertise in Autonomous IT, Cyber Security, Digital Transformation, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Well-known for our strengths in system integration and consultation, CTC Global proves to be the preferred IT outsourcing destination for organizations all over Singapore today.


Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit


SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.


HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 


IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.