U.S. Rep. Lamar Smith (R-TX), chairman of the House Science, Space, and Technology Committee, along with U.S. Rep. Ralph Abraham (R-LA), recently introduced a bill to examine the cybersecurity capabilities of various federal agencies and require regular audits of their progress as more security-based initiatives are implemented.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework, Assessment, and Auditing Act of 2017 takes a series of actions to follow NIST’s cybersecurity protocols and technical standards and directs the institute to establish outcome-based metrics for testing the effectiveness of federal agencies’ cybersecurity protections.
The bill also requires NIST to submit a report to Congress on the results of an initial assessment and subsequent regular audits of agencies most at-risk of a cybersecurity attack. NIST will also provide guidance to federal agencies that use the institute’s cybersecurity framework.
“The aftermath of several recent data breaches, including those at OPM, IRS and FDIC, showed that our federal government is a top target for cyber-attacks,” Smith said. “Because the government collects personally identifiable information on all Americans, it is of the utmost importance that our cybersecurity framework is as secure as possible.”
The bill’s introduction comes in the wake of a hearing by the House Subcommittee on Research and Technology that examined various oversight and policy aspects of federal cybersecurity issues.
“Current practices to protect our federal cybersecurity systems are insufficient,” Abraham said. “This bill will help the federal government implement a consistent, user-friendly framework that each agency can tailor to meet its own unique cybersecurity needs, and it provides the National Institute of Standards and Technology the authority it needs to help ensure our federal agencies’ cybersecurity systems are up to standard.”