NIST in the House – Empowering the Nation’s Cybersecurity Standards-Maker To Head Off Increasing Cyber Threats to the Government and Its Contractors.

Gunjan Talati
Kilpatrick
Contact
LinkedIn
Facebook
X
Send
Embed

Kilpatrick

The National Institute of Standards and Technology (NIST) recently received a vote of confidence in the U.S. House of Representatives that may increase its role and authority in defending the nation from cyber threats. On March 1, 2017, the House Committee on Science, Space and Technology approved the NIST Cybersecurity Framework, Assessment and Auditing Act of 2017 for submission to the broader House of Representatives. The Act proposes to amend the National Institute of Standards and Technology Act “to implement a framework, assessment, and audits for improving United States cybersecurity.” If passed, the Act would empower NIST to assess and audit and report to Congress regarding federal agencies’ cybersecurity defense capabilities. It also calls for NIST to submit to OMB guidance that would promote the incorporation of the NIST’s sweeping framework of cybersecurity controls, best practices, and procedures into all federal agencies’ existing cybersecurity practices for all federal agencies. Up until now, NIST has been toiling away on its framework while individual agencies picked and chose which aspects to incorporate into their cybersecurity regulations and contract clauses. The proposed law contemplates a more uniform approach.

Upgrading NIST from an advisory role to more of a regulator/auditor role could bring the federal government closer to effectively deploying uniform government-wide cybersecurity control standards. It might even reduce some of GAO’s concerns, echoed in its most recent iteration of the high risk list – that agencies have been sluggish in addressing even the severe cybersecurity risks they face. From a contractor’s perspective, uniformally implementing NIST will ideally provide predictability for contractors trying to understand in plain English the cybersecurity requirements that apply to their contracts. For now though, contractors must continue to navigate the patchwork of regulations across agencies that intermittently invoke NIST’s publications but leave many questions about implementation and compliance unanswered.

Readers interested in additional background and information on NIST and federal cybersecurity requirements in general may want to consider attending the authors’ presentation: “How to Prepare and Respond to a Data Breach” presented as part of Federal Publications Seminars’ “Government Contracts Week”, May 9-12, 2017 in La Jolla, California.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Kilpatrick | Attorney Advertising

Written by:

Kilpatrick
Kilpatrick
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Kilpatrick on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide