H.R.1224 - NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017115th Congress (2017-2018) |
|Sponsor:||Rep. Abraham, Ralph Lee [R-LA-5] (Introduced 02/27/2017)|
|Committees:||House - Science, Space, and Technology|
|Latest Action:||03/01/2017 Ordered to be Reported (Amended) by the Yeas and Nays: 19 - 14. (All Actions)|
This bill has the status Introduced
Here are the steps for Status of Legislation:
- Passed House
- Passed Senate
- To President
- Became Law
Summary: H.R.1224 — 115th Congress (2017-2018)All Information (Except Text)
Introduced in House (02/27/2017)
NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017
This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST), in developing standards for information systems, to emphasize the principle that expanding cybersecurity threats require: (1) engineering security from the beginning of a system's life cycle, (2) building more trustworthy and secure components and systems from the start, and (3) applying well-defined security design principles throughout systems.
NIST must provide guidance for agencies to incorporate into their information security risk management efforts the Framework for Improving Critical Infrastructure Cybersecurity, which was prepared by NIST with input from the private sector in response to an executive order.
NIST must chair a federal working group and establish a public-private working group to coordinate the development of metrics and tools to measure the effectiveness of the cybersecurity framework for: (1) federal agencies protecting their information and information systems, and (2) private entities voluntarily analyzing their individual corporate risks.
The public-private working group must provide information voluntarily submitted by private entities to NIST and other private entities to improve the cybersecurity framework and enable private entities to use the framework more effectively.
The federal working group and the public-private working group must assist the Office of Science and Technology Policy (OSTP) in publishing annual reports on agency and industry framework adoption rates.
NIST must initiate an individual cybersecurity audit of certain agencies to assess the extent to which they meet information security standards. NIST must report on the audit of each agency to: (1) the Office of Management and Budget, (2) the OSTP, (3) the Government Accountability Office, (4) the agency being audited and its inspector general, and (5) Congress.