Commerce Secretary Gina Raimondo recently announced restrictions on exporting artificial intelligence and advanced computer chips that violate international trade rules, impose risks on our nation’s cybersecurity, and seriously threaten the stability of industrial supply chains. Imposed and enforced by Commerce’s Bureau of Industry and Security (BIS), these export controls are fundamental to protecting our nation’s cybersecurity and maintaining U.S. technological leadership.

Improving the nation’s cybersecurity is a priority for Secretary Raimondo and the Commerce Department. In addition to BIS, other Commerce agencies are leading efforts to protect industry and government from current and future cyber threats. Efforts include promoting standards to help organizations manage and reduce cybersecurity risks; strengthening our cybersecurity by working with our trading partners and allies; and providing communications providers’ and equipment suppliers’ access to information about risks to key elements in their supply chain, including cyber risks.

Cybersecurity Standards

The need for cybersecurity standards and best practices that address interoperability, usability, and privacy is critical to driving U.S. innovation and global competitiveness. Through the Cybersecurity Framework, Commerce’s National Institute of Standards and Technology (NIST) continues to help businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data. Created through collaboration between industry and government, this voluntary framework offers high-level guidance to improve an organization’s cybersecurity posture.

To support use of the CSF, NIST is continuing to develop profiles aimed at helping sectors and organizations implement the framework. Many of these profiles are being developed by NIST’s National Cybersecurity Center of Excellence (NCCoE), which creates practical, standards-based cybersecurity solutions for organizations of all types and sizes. The CSF and its profiles are part of NIST’s larger ecosystem of cybersecurity guidance, much of which can be found on the NIST cybersecurity topic page.

Adoption of International Cybersecurity Standards

The strength of our nation’s cybersecurity depends partly on the security of our trading partners and allies, where U.S. companies do business, and the U.S. Government collaborates on development and policy exchanges.

Commerce’s International Trade Administration (ITA) works with partners and like-minded nations to promote the adoption of international cybersecurity standards, guidelines, and best practices, like the NIST Cybersecurity Framework. In this work, ITA leverages its international network, positioning U.S. businesses to grow and expand into foreign markets to provide the cutting-edge cybersecurity solutions that partner countries need.

Information Sharing on Supply Chain and Cyber Risks

The National Telecommunications and Information Administration (NTIA) runs an information-sharing program – the Communications Supply Chain Risk Information Partnership (C-SCRIP). C-SCRIP’s goal is to improve small and rural communications providers’ and equipment suppliers’ access to information about risks to key elements in their supply chain, including cyber risks. NTIA works closely with other government partners to ensure that cybersecurity risk information is communicated quickly to stakeholders so they can take action to invest in and defend their networks.

The Department of Commerce has one overarching goal: Improve America’s Economic Competitiveness. Key to that goal is maintaining America’s position as a global leader in cybersecurity. Learn more in the Department’s 2022–2026 Strategic Plan.