WASHINGTON - U.S. Rep. Ralph Abraham (R-La.) yesterday led U.S. House Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) in introducing the NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017 (H.R. 1224).

Chairman Lamar Smith (R-Texas): “This legislation is vital to ensuring our citizens’ information is secure, and I thank Congressman Abraham for his leadership on federal cybersecurity. The aftermath of several recent data breaches, including those at OPM, IRS and FDIC, showed that our federal government is a top target for cyber-attacks. Because the government collects personally identifiable information on all Americans, it is of the utmost importance that our cybersecurity framework is as secure as possible.

“This commonsense legislation capitalizes on NIST’s unique position as a global leader in cybersecurity knowledge and readiness and takes a long stride in protecting U.S. cybersecurity capabilities. I look forward to working with our colleagues to getting this bill swiftly passed and sent to the president’s desk.”

Rep. Ralph Abraham (R-La.): “Current practices to protect our federal cybersecurity systems are insufficient.  This bill will help the federal government implement a consistent, user-friendly framework that each agency can tailor to meet its own unique cybersecurity needs, and it provides the National Institute of Standards and Technology the authority it needs to help ensure our federal agencies’ cybersecurity systems are up to standard.”

  Background

In response to a series of damaging cyber-attacks on federal agencies, H.R. 1224 takes steps to prompt federal agencies to follow NIST’s widely accepted cybersecurity protocols and technical standards, directs NIST to establish outcome-based metrics for testing the effectiveness of federal agencies’ cybersecurity, and requires NIST to report to Congress the results of an initial assessment and subsequent, regular audits of cybersecurity measures at the federal agencies most at risk of cyber-attacks. It advances that mission by providing guidance that federal agencies may use to incorporate NIST’s cybersecurity framework, and establishes a federal working group and public-private working group to help the public and private sector use the framework more effectively.

Earlier this month, the Research and Technology Subcommittee held a hearing titled “Strengthening U.S. Cybersecurity Capabilities.” During the 114th Congress, the Science Committee held several hearings related to oversight and policy aspects of federal cybersecurity issues, including the examination of data breaches at the Office of Personnel Management, the Internal Revenue Service and the Federal Deposit Insurance Corporation.