H.R. 1224, NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017

3.0.0 1224 2023-01-11T13:35:05Z 2023-01-11T13:35:05Z House HR 2017-02-27 115 [Congressional Record Volume 163, Number 34 (Monday, February 27, 2017)]From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]By Mr. ABRAHAM:H.R. 1224.Congress has the power to enact this legislation pursuantto the following:Article I, Section 8, Clause 18:The Congress shall have power to make all Laws which shallbe necessary and proper for carrying into Execution theforegoing Powers, and all other Powers vested by thisConstitution in the Government of the United States, or inany Department of Officer thereof.[Page H1355]]]> hssy00 Science, Space, and Technology Committee House Standing Reported by 2017-10-31T19:52:56Z Markup by 2017-03-01T19:28:54Z Referred to 2017-02-27T17:01:20Z H. Rept. 115-376 2017-10-31 Placed on the Union Calendar, Calendar No. 276. Calendars H12410 2 House floor actions U00276 2017-10-31 Reported (Amended) by the Committee on Science, Space, and Technology. H. Rept. 115-376. Committee H12200 2 House floor actions hssy00 Science, Space, and Technology Committee 2017-10-31 Reported (Amended) by the Committee on Science, Space, and Technology. H. Rept. 115-376. Committee 5000 9 Library of Congress hssy00 Science, Space, and Technology Committee 2017-03-01 hssy00 Science, Space, and Technology Committee 1 House committee actions Ordered to be Reported (Amended) by the Yeas and Nays: 19 - 14. Committee 2017-03-01 hssy00 Science, Space, and Technology Committee 1 House committee actions Committee Consideration and Mark-up Session Held. Committee 2017-02-27 Referred to the House Committee on Science, Space, and Technology. IntroReferral H11100 2 House floor actions hssy00 Science, Space, and Technology Committee 2017-02-27 Introduced in House IntroReferral Intro-H 9 Library of Congress 2017-02-27 Introduced in House IntroReferral 1000 9 Library of Congress A000374 Rep. Abraham, Ralph Lee [R-LA-5] Ralph Abraham R LA Lee 5 N S000583 Rep. Smith, Lamar [R-TX-21] LAMAR SMITH R TX 21 2017-02-27 True L000491 Rep. Lucas, Frank D. [R-OK-3] FRANK LUCAS R OK D. 3 2017-02-27 True C001105 Rep. Comstock, Barbara [R-VA-10] Barbara Comstock R VA 10 2017-02-27 True K000387 Rep. Knight, Stephen [R-CA-25] Stephen Knight R CA 25 2017-02-27 True S000250 Rep. Sessions, Pete [R-TX-32] PETE SESSIONS R TX 32 2017-10-24 False 2017-05-02T19:29:00Z H.R. 1224, NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017 https://www.cbo.gov/publication/52685 As ordered reported by the House Committee on Science, Space, and Technology on March 1, 2017 Science, Technology, Communications Accounting and auditing Computer security and identity theft Department of Commerce Government information and archives Government studies and investigations Performance measurement Public-private cooperation Technology assessment Science, Technology, Communications

00 2017-02-27 Introduced in House 2017-05-01T20:31:37Z NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017

This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST), in developing standards for information systems, to emphasize the principle that expanding cybersecurity threats require: (1) engineering security from the beginning of a system's life cycle, (2) building more trustworthy and secure components and systems from the start, and (3) applying well-defined security design principles throughout systems.

NIST must provide guidance for agencies to incorporate into their information security risk management efforts the Framework for Improving Critical Infrastructure Cybersecurity, which was prepared by NIST with input from the private sector in response to an executive order.

NIST must chair a federal working group and establish a public-private working group to coordinate the development of metrics and tools to measure the effectiveness of the cybersecurity framework for: (1) federal agencies protecting their information and information systems, and (2) private entities voluntarily analyzing their individual corporate risks.

The public-private working group must provide information voluntarily submitted by private entities to NIST and other private entities to improve the cybersecurity framework and enable private entities to use the framework more effectively.

The federal working group and the public-private working group must assist the Office of Science and Technology Policy (OSTP) in publishing annual reports on agency and industry framework adoption rates.

NIST must initiate an individual cybersecurity audit of certain agencies to assess the extent to which they meet information security standards. NIST must report on the audit of each agency to: (1) the Office of Management and Budget, (2) the OSTP, (3) the Government Accountability Office, (4) the agency being audited and its inspector general, and (5) Congress.

]]>

17 2017-10-31 Reported to House with amendment(s) 2017-11-08T21:40:09Z NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017

(Sec. 2) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST), in developing standards for information systems, to emphasize the principle that expanding cybersecurity threats require: (1) engineering security from the beginning of a system's life cycle, (2) building more trustworthy and secure components and systems from the start, and (3) applying well-defined security design principles throughout systems.

(Sec. 3) NIST must provide guidance for agencies to incorporate into their information security risk management efforts the Framework for Improving Critical Infrastructure Cybersecurity (Framework). Such guidance shall:

describe how the Framework aligns or augments existing agency practices;
identify any areas of conflict or overlap between the Framework and existing cybersecurity requirements;
include a template for federal agencies on how to use the Framework and recommend procedures for streamlining and harmonizing existing and future cybersecurity-related requirements;
recommend other procedures for compliance with cybersecurity reporting, oversight, and policy review; and
be updated to reflect what NIST learns from ongoing research, cybersecurity audits, information compiled by the federal working group, and annual reports.

NIST must chair a federal working group to coordinate the development of metrics and tools to measure the effectiveness of the Framework for federal agencies protecting their information and information systems.

The federal working group must assist the Office of Management and Budget (OMB) and Office of Science and Technology Policy (OSTP) in publishing annual reports on agency adoption rates and the effectiveness of the Framework.

NIST must initiate an individual cybersecurity audit of certain agencies to assess the extent to which each agency meets information security standards. NIST shall prepare a needs-based plan for the audits that includes: (1) a description of staffing plans, (2) workforce capabilities, (3) methods of conducting such audits, (4) coordination with agencies to support such audits, (5) expected timeframe for the completion of the audits, and (6) other relevant information.

NIST must report on the audit of each agency to: (1) OMB, (2) the OSTP, (3) the Government Accountability Office, (4) the agency being audited and its inspector general, and (5) Congress.

]]>

NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017 Display Title NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017 Official Title as Introduced To amend the National Institute of Standards and Technology Act to implement a framework, assessment, and audits for improving United States cybersecurity. Introduced in House IH Short Titles as Introduced NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017 Short Titles as Reported to House NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017 H House Reported in House 2017-10-31T04:00:00Z https://www.govinfo.gov/content/pkg/BILLS-115hr1224rh/xml/BILLS-115hr1224rh.xml Introduced in House 2017-02-27T05:00:00Z https://www.govinfo.gov/content/pkg/BILLS-115hr1224ih/xml/BILLS-115hr1224ih.xml 2017-10-31 Placed on the Union Calendar, Calendar No. 276. text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain. Congressional Research Service, Library of Congress This file contains bill summaries and statuses for federal legislation. A bill summary describes the most significant provisions of a piece of legislation and details the effects the legislative text may have on current law and federal programs. Bill summaries are authored by the Congressional Research Service (CRS) of the Library of Congress. As stated in Public Law 91-510 (2 USC 166 (d)(6)), one of the duties of CRS is "to prepare summaries and digests of bills and resolutions of a public general nature introduced in the Senate or House of Representatives". For more information, refer to the User Guide that accompanies this file.