Abraham introduces NIST Cybersecurity Framework Bill
WASHINGTON - Congressman Ralph Abraham, M.D., R-Alto, on Monday introduced the NIST Cybersecurity Framework, Assessment and Auditing Act of 2017 (HR 1224).
The bill is in response to a series of damaging cyber-attacks on federal agencies, such as the Office of Personnel Management, the Internal Revenue Service and the Federal Deposit Insurance Commission.
H.R. 1224 takes steps to prompt federal agencies to follow National Institute for Standards and Technology’s (NIST) widely accepted cybersecurity protocols and technical standards, directs NIST to establish outcome-based metrics for testing the effectiveness of federal agencies’ cybersecurity, and requires NIST to report to Congress the results of an initial assessment and subsequent, regular audits of cybersecurity measures at the federal agencies most at risk of cyber-attacks. It advances that mission by providing guidance that federal agencies may use to incorporate NIST’s cybersecurity framework, and establishes a federal working group and public-private working group to help the public and private sector use the framework more effectively.
"Current practices to protect our federal cybersecurity systems are insufficient. This bill will help the federal government implement a consistent, user-friendly framework that each agency can tailor to meet its own unique cybersecurity needs, and it provides the NIST the authority it needs to help ensure our federal agencies' cybersecurity systems are up to standard," said Dr. Abraham, a member of the House Committee on Science, Space and Technology (SST).
SST Chairman Lamar Smith, R-Texas, said, "This legislation is vital to ensuring our citizens’ information is secure, and I thank Congressman Abraham for his leadership on federal cybersecurity. The aftermath of several recent data breaches, including those at OPM, IRS and FDIC, showed that our federal government is a top target for cyber-attacks. Because the government collects personally identifiable information on all Americans, it is of the utmost importance that our cybersecurity framework is as secure as possible.
“This commonsense legislation capitalizes on NIST’s unique position as a global leader in cybersecurity knowledge and readiness and takes a long stride in protecting U.S. cybersecurity capabilities. I look forward to working with our colleagues to getting this bill swiftly passed and sent to the president’s desk.”
Earlier this month, the SST Research and Technology Subcommittee, of which Dr. Abraham is the vice chairman, held a hearing titled "Strengthening U.S. Cybersecurity Capabilities." During the last Congress, the SST held several hearings related to oversight and policy aspects of federal cybersecurity issues, including the examination of data breaches at the OPM, the IRS and the FDIC.