[Congressional Record Volume 164, Number 61 (Monday, April 16, 2018)]
[House]
[Page H3329]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY CYBERSECURITY FRAMEWORK UPDATE

  (Mr. LANGEVIN asked and was given permission to address the House for 
1 minute and to revise and extend his remarks.)
  Mr. LANGEVIN. Mr. Speaker, today the National Institute of Standards 
and Technology, or NIST, published its first major update to its 
heralded cybersecurity framework. Since its release 4 years ago, 
countless organizations have used the framework to voluntarily assess 
their cybersecurity risk posture, identify gaps, and implement best 
practices. This update adds timely guidance about managing supply chain 
cybersecurity risks, like those Russia exploited to damaging effect 
with the NotPetya malware.
  Since President Obama first directed its creation, NIST has employed 
a collaborative approach to developing the framework with diverse 
stakeholders from government, private industry, academia, and civil 
society. The revision process reflects this public-private partnership, 
and I thank the NIST team for their hard work drafting this update.
  I firmly believe that cybersecurity is not just an IT problem, and 
the framework's approach reflects a broader risk-based decisionmaking 
process. However, an understanding of the economics of controls is 
essential if we expect companies to adopt them voluntarily, and I look 
forward to continuing my work in this Chamber to deepen that 
understanding.
