NIST cybersecurity framework in south america: Argentina, Brazil, Chile, Colombia, And Uruguay

Abstract

As technology advances at a frenetic pace, interoperability and resilience are critical elements in an increasingly interconnected world, even more so in the new era of telework. The use of technology standards facilitates faster adoption of new products and services by entities and individuals, while also benefitting manufacturers who can prioritize resources. In the technology sector, industry players tend to lead the definition and adoption of new standards, as the winning standard (if multiple alternatives are competing) will see the benefits of being widely adopted. In the case of cybersecurity, due to its complex nature that combines products (hardware) and services (software) the standard setting mechanism is more intricate and cannot be driven by a single player. In 2013, due to the numerous cybersecurity incidents registered in the United States, President Obama issued an executive order tasking the National Institute of Standards and Technology (NIST) with the development of a Cybersecurity Framework, as a collaborative effort by a wide range of industry players and interested parties. Since its inception, and despite the voluntary character of its adherence, the framework has acted as a de facto standard in United States and other countries, it has been adopted by many companies and organizations to measure its maturity in this important area. The aim of this paper is to identify the influence that the framework has had in selected countries in South America.