NIST could move to Drupal

Officials at the National Institute of Standards and Technology could soon be saying goodbye to the agency's proprietary content management system as they consider migrating NIST's external website to an open source solution.

According to a solicitation notice first posted Aug. 3 on the Federal Business Opportunities website, NIST officials have launched a Drupal Web Content Management (WCM) Pilot project to get the necessary expertise and to zero in on requirements needed to move the NIST external website to a cloud-based Drupal web content management system.

Some of the major goals of the pilot include:

• Define NIST functional and technical requirements for WCM.
• Identify security requirements needed for migrating to a Drupal cloud solution.
• Determine if Drupal will satisfy NIST web development needs.
• Assess cost, time lines and business case information necessary for migration.
• Pinpoint the challenges in moving to a Drupal cloud solution.

NIST is currently using CommonSpot, a proprietary CMS that comes as both an on-premise product and a Software-as-a-Service, cloud-based solution. The move to Drupal would add the agency to a growing list of federal agencies using the open source CMS: the departments of Education, Energy and Veterans Affairs, as well as the Federal Communications Commission and the Small Business Administration are just a few examples of those running Drupal on either their external public-facing websites or intranets.

Additionally, the Obama administration has been using Drupal for since President Barack Obama’s early days in office. In April 2010, as part of its ongoing effort to create an open platform for, officials also released some of the custom code they had developed.

NIST contracting officials are planning to award the Drupal acquisition as a small-business set-aside.

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.


Reader comments

Mon, Aug 20, 2012 RayW

Hmmm... Three anti M$ and one ardent M$ posting, now make that four for OpenSource. I have used Open Office since 2001 at work and at home, and it is amazing how many of the OO features have ended up in Microsoft Word (which I stopped using at home with the changes in Office 2003) over the years. Like Ron, I prefer OO (and I now use Libre thanks to some people who pointed me that way) just because if I want to write a document one way, OO will not keep changing it to what it wants, unlike Microsoft.

Jay may have the sources listed, but here in the Air Force side of DoD (at my base anyway), it is pure Microsoft, we were ordered to only use Microsoft Office, nothing else is allowed on any computer for the normal user unless it is a special machine and isolated from the network and has special approval - by order of the network nazis. So I now have a lot of Tech documents that are not editable without a lot of time since Microsoft products will change the formats.

Robert did have a point on proprietary code, there has been some of that in the past, but as far as I can see (and I admit to being near-sighted) those companies have faded from the open source scene. But the pay me now or later is only partially true since we pay Microsoft for the license AND for support while as a private user I get a lot of support from free forums. And you also have to add in the cost of working, which I believe is less in the open source products than in the Microsoft products (although I have some folks swear that Microsoft gets easier to use, despite the fact I use more mouse strokes to do the same work in the latest version).

Sat, Aug 18, 2012 thecapacity

I respect Rob's right to an opinion, but I don't believe his comment accurately reflects the reality of the situation. This article is informative and if anything understates the proven value of Open Source. While I suspect Rob finds his own preconceptions unassailable, anyone else interested in a more rational view may find a recent article from The Street interesting, titled: "Open Source Is Becoming a Military Necessity" -------------------Intro Excerpt ----------- In letting just anyone use your code, that has to include the bad guys. They're bound to find a way to compromise it, the thinking goes. But that's not the way it works in real life. Having every potential victim working on your neighborhood code watch turns out to deliver more security, not less. Having everyone who might be the victim of an online break-in organized, finding bugs, writing and testing fixes, constantly improving security tools, works. Don't believe me? Well, maybe you'll believe the National Security Agency or the Department of Homeland Security. The open source process works for them, too. ------------------------------------

Fri, Aug 17, 2012 jay

Wow, that's an amazingly ill informed first comment to conclude a pretty straightforward and informational article. Open source shares a belief (and some hard data) that 'many eyes make bugs shallow', but there are a number of forms open source can take, particularly when it intersects with business. The commenter is correct that in some cases there is a 'closed core' that is not published but it’s not always kept from a procurement. Many times the code is ‘closed’ because it requires a license to pay for other pieces of code (that by definition are not themselves open sourced), for example proprietary video and audio codecs requires to support music and video. However, even if some code was kept closed I fail to see how that keeps a purchaser from ‘winning’ since at least some of the code is shared, unlike a more traditional model where the Gov. never sees source for the majority of software they use. I think the ‘better vs. worse’ debate is fundamentally flawed, assuming that there’s a zero sum game b/t traditional and open software companies. What most people don’t realize about open source is that it’s _different_ and it powers the majority of the internet and underpins a significant part of the secure infrastructure we all depend on being included in everything from security scanning tools, virtually all programming languages and providing secure shells to almost every server. The DoD even encourages the adoption of Open Source and has attempted to clarify this point so it can be made without contestation: There are major economic reasons to support open source as well, and agencies such as the new CFPB recognize this value and have created their own open source policy: If you’re interested in scientific validation then look no further than; I’d encourage anyone interested in weighing the value of open source, especially in Gov, to check out Gunnar Hellekson’s review; I’m sure it, my comments, or the voluminous other positive examples, won’t be enough to convince the previous poster, but for everyone else interested in an informed opinion I hope you don’t take any diatribe as truth.

Fri, Aug 17, 2012 Ron

Microsoft does not do much more than most open source stuff for most people, other than to charge them and to occasionally demand you prove you paid them. Now if the powers that be can approve LibreOffice (or even reapprove the defunct Open Office) for the peons in the trenches doing the work to allow us to work the way we want to instead of being told how to do our documents like Microsoft does, life would be better.

Fri, Aug 17, 2012 Stan Alexandria VA

This is very exciting news for the Drupal community. In regard to open source companies hiding their "special code" I would have to strongly disagree. First of all, Drupal is not a company, but is overseen by a community of volunteers Modules are vetted by the community for things like security vulnerabilities before it is released to the everyone on to try. Second, I can't speak for everyone, but I personally am not in the habit of passing blame on to others for my mistakes.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group