EB-2 NIW for Cybersecurity & Critical Infrastructure: aligning evidence with Dhanasar, CISA and NIST
Goal: help cybersecurity and OT/ICS professionals translate real-world impact into EB-2 National Interest Waiver (NIW) language: prove national importance for a specific CISA sector, show you are well positioned to advance the endeavor in the U.S., and explain why waiving job offer/labor certification benefits the U.S. on balance.
Legal backbone (short): NIW is a discretionary waiver of job offer and PERM that applies after EB-2 eligibility (degree or exceptional ability) is established. Matter of Dhanasar sets a three-prong test. USCIS updated NIW guidance in 2024–2025, clarifying how officers analyze each prong.
Primary sources (links at the end): USCIS Policy Manual (EB-2 NIW), Matter of Dhanasar; USCIS Policy Alert 2025.
Below is a step-by-step evidence builder: pick a CISA sector, map artifacts to NIST CSF 2.0, and assemble them under Dhanasar’s three prongs.
Dhanasar
CISA sectors
NIST CSF 2.0
OT / ICS
Supply-chain risk
Who benefits
- Security architects/engineers working in energy, water/wastewater, transportation, communications, healthcare, etc.
- OT/ICS experts, DFIR leads, SBOM/SSDF and supply-chain vulnerability specialists.
- Leads implementing NIST CSF 2.0 and collaborating with ISACs/regulators/utilities.
Outcome: a practical checklist plus an interactive readiness score for your NIW dossier.
CISA sectors: where “national importance” is most evident
The more directly your work reduces risk in a critical sector, the easier it is to prove national importance.
Energy
Water & Wastewater
Transportation Systems
Communications
Healthcare & Public Health
Financial Services
Critical Manufacturing
Defense Industrial Base
NIST CSF 2.0 linkage: what artifacts to include
| CSF 2.0 Function | Evidence to include (examples) |
|---|---|
| Govern | Security strategy/policies, accountability; risk KPIs and roadmaps; participation in sector initiatives. |
| Identify | Sector risk profiles, OT/IT asset inventory, criticality mapping, supplier dependencies. |
| Protect | OT/ICS segmentation, Zero Trust, SBOM/SSDF, equipment hardening, access control. |
| Detect | ICS SIEM use-cases, telemetry coverage, MTTD deltas (before/after). |
| Respond | OT IR playbooks, purple-team exercises, MTTR improvements, ISAC/regulator coordination. |
| Recover | Recovery plans, RTO/RPO levels, post-incident resilience reports. |
Dhanasar’s three prongs: how to ground them in cyber
Prong 1 — Substantial Merit & National Importance
- Tie your project to a specific CISA sector and its risks (e.g., energy or water/WW).
- Impact artifacts: MTTD/MTTR reductions, telemetry coverage growth, maturity improvements.
- Supply-chain risk outcomes: SBOM/SSDF practices, supplier audit results, remediation plans.
USCIS may grant NIW where the endeavor has substantial merit and national importance and EB-2 eligibility is shown.
Prong 2 — Well Positioned to Advance
- Roles, certifications, patents; proven infrastructure deployments (POC → rollout).
- Support letters from operators/utilities, ISACs/regulators; industry awards/grants.
- Metrics: closed vulnerability classes, OT segmentation coverage, Zero Trust for substations/SCADA.
USCIS Policy Manual: establish EB-2 first; then officers evaluate NIW under Dhanasar’s factors.
Prong 3 — On Balance, Waiver is Beneficial
- Explain why job offer/LC delays would slow critical risk-reduction work (risk-oriented scenarios).
- U.S. scaling plan: roadmaps, partnerships, grants, staffing/operations, state/agency coordination.
- Public interest: population safety, service resilience, economic stability.
“Before considering NIW, the petitioner must demonstrate EB-2 eligibility” (meaningful extract from USCIS PM).
Full citations are provided in the Sources block.
Interactive NIW Evidence Builder
Select your sector and tick the artifacts you have — you will see your overall readiness and prong-by-prong progress.
Overall readiness
0%
Prongs 1 / 2 / 3
0% / 0% / 0%
Primary sources and how to use them in your NIW dossier
Official, citable documents (USCIS / AAO / CISA / NIST). Each entry explains which part of your argument it supports.
Core NIW criteria, three-prong analysis, and ordering: EB-2 eligibility first, NIW second. Use for definitions and adjudication logic.
The controlling AAO decision establishing the three prongs. Quote for headings and structure in your attorney cover letter.
Latest clarifications for 2024–2025. Cite to show current USCIS approach and the analysis order (EB-2 → NIW).
Official list of sectors and their risk context. Use to anchor national importance under Prong 1.
Functions Govern / Identify / Protect / Detect / Respond / Recover. Use to map your security artifacts to recognized practices (Prongs 1–2).
Guidance for secure software development and supply-chain governance. Relevant where SBOM/supplier risk is central (Prong 1).
Terminology and implementation resources from CISA. Supports supply-chain arguments (Prong 1) and strengthens your positioning (Prong 2).
How to cite: use USCIS PM/Dhanasar for criteria phrasing; rely on CISA sectors to justify national importance; use NIST CSF 2.0 (and SSDF/SBOM where relevant) to structure your technical artifacts and metrics. All links point to government sources.
