The National Institute of Standards and Technology wants federal agencies to get their act together on cybersecurity standards.
In a new publication, the group calls on agencies to coordinate with each other, with the private sector and with international governments to draw up, and abide by, cybersecurity benchmarks. NIST is collecting comments on its recommendations until Sep. 24.
Establishing international cyber standards is key to “improving trust in online transactions, mitigating the effects of cyberincidents (e.g., crime), and ensuring secure interoperability among trade partners,” NIST wrote. This could “promote international trade and provide a level playing field for U.S. companies.”
NIST is advocating for a “high-level oversight function, where the senior cyber officials and [those] with the standards missions can get together,” Mike Hogan, standards liaison for NIST’s Information Technology Laboratory and one of the publication’s authors, told Nextgov.
For instance, the report recommended that the Executive Office of the President create an interagency policymaking group to oversee the process; the Commerce Department could host its own working group, composed of federal cybersecurity officials, to set objectives, reporting to the EOP group.
Other recommendations included that federal agencies regularly collaborate with the domestic and global public and private sectors. Agencies should also expand cyber training for staff, emphasizing the “costs of failing to participate in cybersecurity standards development,” among other topics.
The director of NIST is required, under the Cybersecurity Enhancement Act of 2014, to work with federal agencies on coordinating information security. NIST is also required to send a report on that effort to Congress — this publication…