Bill Defines New NIST Infosec Tasks

House Panel OKs Cybersecurity Coordination and Awareness Act
Bill Defines New NIST Infosec Tasks
A House panel Wednesday approved a bill to increase the role of the National Institute of Standards and Technology in developing international cybersecurity technical standards.

If enacted as approved, the Cybersecurity Coordination and Awareness Act also would charge NIST with creating IT security awareness and education campaigns for the public, improving the interoperability of identity management systems to encourage more widespread use and developing an IT security checklist for agencies to use before acquiring IT wares.

The bill, approved by the House Subcommittee on Technology and Innovation, goes to the full Science and Technology Committee, where it could be combined with another measure that requires an agency-by-agency cybersecurity skills assessment. If approved by the full committee, the legislation would go to the House.

The responsibility of coordinating the government representation in international cybersecurity standards development is parsed among different agencies without any consistent policy, said Rep. David Wu., the bill's sponsor and subcommittee chairman. He cited testimony from witnesses at a hearing two weeks ago who said NIST, because of its extensive technical expertise and established relationships with international bodies, would be ideally suited to serve as the government's coordinator on international cybersecurity standards.

In creating a public IT security awareness and education campaign, Wu cautioned NIST to be careful on its use of technical language. He credited NIST as a great resource for technical standards and best practices, but criticized it for too often providing guidance that is too technical for the average user. "The dissemination of more user-friendly standards will help raise the base level of cybersecurity knowledge among individuals, business, education and government," he said.

NIST already performs work on identity management systems such as biometrics, but this bill will direct the agency to improve the interoperability of these systems to encourage more widespread use. "By focusing on the usability and privacy aspects of identity management," Wu said, this bill "will ensure that biometric and other systems will be accepted by the public because they will have confidence in the security of their personal information."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.