NIST in the House – Empowering the Nation’s Cybersecurity Standards-Maker To Head Off Increasing Cyber Threats to the Government and Its Contractors.

The National Institute of Standards and Technology (NIST) recently received a vote of confidence in the U.S. House of Representatives that may increase its role and authority in defending the nation from cyber threats. On March 1, 2017, the House Committee on Science, Space and Technology approved the NIST Cybersecurity Framework, Assessment and Auditing Act of 2017 for submission to the broader House of Representatives. The Act proposes to amend the National Institute of Standards and Technology Act “to implement a framework, assessment, and audits for improving United States cybersecurity.” If passed, the Act would empower NIST to assess and audit federal agencies’ cybersecurity defense capabilities and to report on them to Congress. It also calls for NIST to submit to OMB guidance that would promote the incorporation of NIST’s sweeping framework of cybersecurity controls, best practices, and procedures into all federal agencies’ existing cybersecurity practices. Up until now, NIST has been toiling away on its framework while individual agencies picked and chose which aspects to incorporate into their cybersecurity regulations and contract clauses. The proposed law contemplates a more uniform approach.

Upgrading NIST from an advisory role to more of a regulator/auditor role could bring the federal government closer to effectively deploying uniform government-wide cybersecurity control standards. It might even reduce some of GAO’s concerns, echoed in its most recent iteration of the high risk list, that agencies have been sluggish in addressing even the severe cybersecurity risks they face. From a contractor’s perspective, uniformly implementing NIST will ideally provide predictability for contractors trying to understand in plain English the cybersecurity requirements that apply to their contracts. For now, though, contractors must continue to navigate the patchwork of regulations across agencies that intermittently invoke NIST’s publications but leave many questions about implementation and compliance unanswered.

Readers interested in additional background and information on NIST and federal cybersecurity requirements in general may want to consider attending the authors’ presentation: “How to Prepare and Respond to a Data Breach” presented as part of Federal Publications Seminars’ “Government Contracts Week”, May 9-12, 2017 in La Jolla, California.

Written by: Kilpatrick Townsend & Stockton LLP
