When it comes down to it, NIST’s cybersecurity and privacy work is all about its stakeholders. Our researchers and other staff can do the most extraordinary work to advance the state of the art or solve problems in these areas – but our success truly should only be measured by the difference we make in providing the best possible and most useful tools and information.
That’s why we put such a high premium on engaging with the public and private sectors, academia, and other stakeholders. NIST counts on developers, providers, and everyday users of cybersecurity and privacy technologies and information to provide input that we can use to help guide our priorities. This engagement also helps us to decide on the best methods and formats for delivering our information and services. In short, listening to and working with stakeholders enables NIST to produce useful and technically correct resources.
And it’s why we offer a variety of methods to do that. NIST engages in many ways – informal and formal. We participate with others in developing guidelines, coordinate and conduct joint activities with federal agencies, take part in international initiatives and information sharing, convene and participate in special topic forums and workshops, collaborate via research with industry and academia, solicit and receive comments on publications, and listen closely.
That’s a mode of operation for NIST as a whole, and it is especially true in our cybersecurity and privacy work as we take on challenging tasks. That was true in 2013 when NIST was directed to develop the “Framework for Improving Critical Infrastructure Cybersecurity,” better known today as the NIST Cybersecurity Framework. We made a concerted effort to fully engage not just with the critical infrastructure sectors but with all who were interested in forging a flexible, risk-based approach for managing cybersecurity. It was a successful approach that we have used before and since, emblematic of our interest in convening and hearing from all stakeholders. We receive plenty of kudos for that style of doing business, and we aim to repeat this success and to continue to find the most effective and efficient ways to actively listen to and work together with others.
In that spirit, we’ve just launched a new web page to encourage even greater participation and collaboration with us. I encourage you to check out the NIST “Cybersecurity & Privacy Stakeholder Engagement” page here: https://www.nist.gov/cybersecurity/cybersecurity-privacy-stakeholder-engagement. In addition to NIST’s specific program pages which provide you with opportunities to offer suggestions about and reactions to our work, this new page describes in one location the multiple methods for engaging with us. And if you have thoughts to share – including other approaches we might use to better or more conveniently connect with you – but aren’t sure about how best to engage, just email us at cybersecurity-privacy [at] nist.gov or tweet us @NISTcyber. We’re standing by.