How Congress and NIST Can Help Organizations Better Manage Cyber Risk
On Aug. 25, the Biden administration announced a new public-private initiative to improve the nation’s cybersecurity. The White House directed the National Institute of Standards and Technology (NIST) to partner with industry and other stakeholders to develop a new framework to “improve the security and integrity of the technology supply chain.”
The White House’s announcement reflects the federal government’s growing reliance on the standards-setting agency to provide guidance that helps organizations improve their cybersecurity risk management. In July, President Biden announced an executive action requiring NIST and the Department of Homeland Security to establish “cybersecurity performance goals” for critical infrastructure.
Also in July, members of the House Science, Space, and Technology Committee introduced bipartisan legislation, the NIST for the Future Act, to reauthorize the critical agency. Chairwoman Eddie Bernice Johnson described the legislative proposal as “a comprehensive reauthorization of the agency that will help ensure NIST has the authorities and resources it needs to carry out its mission.”
The reauthorization bill would update NIST’s authorities and responsibilities for developing standards and identifying best practices for cybersecurity and privacy. Specifically, the legislation would expand NIST’s current legal authorities to include new responsibilities involving supply chain management and software development, cloud computing, and privacy protection.
These are all appropriate updates to NIST’s mission and responsibilities. But as Congress reauthorizes NIST, lawmakers should heed security experts’ recommendation that NIST’s cybersecurity framework and best practices be prioritized and evaluated in a meaningful way, so that organizations can better manage cybersecurity risks.
Read the full article at Lawfare.