House advances cybersecurity framework, audit legislation
The U.S. House of Representatives passed the National Institute of Standards and Technology (NIST) Cybersecurity Framework, Assessment, and Auditing Act of 2017 (H.R. 1224) this week, which examines the cybersecurity capabilities of various federal agencies and requires regular audits of their progress as more security-based initiatives are implemented.
The bill was introduced by U.S. Reps. Lamar Smith (R-TX), Ralph Abraham (R-LA), Frank Lucas (R-OK), Barbara Comstock (R-VA) and Steve Knight (R-CA).
The bill takes a series of actions to apply NIST’s cybersecurity protocols and technical standards to federal agencies, while directing the institute to establish outcome-based metrics for testing the effectiveness of federal agencies’ cybersecurity protections.
The bill also requires NIST, a federal measurement standards laboratory, to complete an initial audit of vulnerable agencies’ cybersecurity protections, conduct a series of regular audits, and submit a final report to Congress.
“H.R. 1224 will help agencies better defend against the type of attacks that hit the Office of Personnel Management (OPM), the Internal Revenue Service (IRS) and the Federal Deposit Insurance Corporation (FDIC),” Smith said. “Unless we take new and more effective steps to prevent cyber-attacks by foreign criminals and unfriendly governments, our economy and national security are at risk.”
The bill’s passage comes in the wake of a hearing by the House Subcommittee on Research and Technology that examined various oversight and policy aspect of federal cybersecurity issues.
The bill will now be considered by the Senate.