Government Shutdown

Shutdown would not threaten NIST framework schedule

digital key

Officials at the National Institute of Standards and Technology have spent the last seven months crafting a comprehensive cybersecurity framework, triggering concerns that a critical Oct. 10 deadline could be endangered by the potential government shutdown.

However, NIST Director Patrick Gallagher on Sept. 25 said otherwise, telling a Washington cybersecurity conference audience that the preliminary draft framework is effectively complete and ready for release. He also noted that the October release is just one step in an ongoing process.

Under a February executive order from President Barack Obama, NIST has been required to release draft frameworks at specific intervals. The most recent release came in August, when an informal preliminary draft was released ahead of the agency's fourth public collaboration meeting, held in Dallas.

The formal preliminary draft framework is due Oct. 10, 240 days after the executive order, and a final version is due at the one-year mark.

"We've structured the whole 240 days to try to maximize the amount of public engagement and feedback we could get," Adam Sedgewick, NIST senior IT policy adviser, said in July. "Given the time constraints, we've used a combination of public workshops and engagements. We have people engage through our cyber framework website, and at the tail end we'll have another public comment period."

The rigid timelines mean a government shutdown beginning Oct. 1 theoretically could put the intense efforts behind schedule if those working on the project are prohibited from doing so.

"The [executive order] had specific deadlines that didn't give an out for extenuating circumstances," said one source, speaking on background.

But Gallagher indicated that the extensive work, including the broad participation of industry, that has gone into the framework allows for a release even in the event of a shutdown, and others agreed.

"Much of the draft framework has been available for several weeks, and received substantial industry input both from the workshop NIST held in Dallas and a number of separate industry meetings," said Larry Clinton, president and CEO of the Internet Security Alliance, which has been involved in the framework development process. "The framework is a work in progress, and while I don't think it's complete [and] I doubt the NIST staff thinks it's complete yet either, it is certainly far enough along to be released on time as a draft."

NIST officials have made it clear that the framework's development will continue beyond the release of both the preliminary and the final versions.

"If this process we just did over the last eight months ends up being a once-through, then we've failed," Gallagher said, according to Federal News Radio. "The technology is too dynamic, and I don't believe the framework is perfect. We expect companies who adopt it and put it into use to identify places where it makes no sense and where there are gaps. We have to operationalize this collaboration we've built and turn it into a continuous process. So right away we have to start thinking about a 2.0 version. These early adopters that take up the challenge and put this into use are going to shape the framework, and I think they'll drive the governance of the process."

That ongoing development likely will include another workshop beyond the four that already took place across the country, according to Clinton. That and other continuing efforts will help shape the framework for a formal release in February.

"They've pretty much done what they need to do for October, and [if there is a shutdown], what they released last month before Dallas will just be tweaked," said Jim Lewis, senior fellow and director of the Technology and Public Policy Program at the Center for Strategic and International Studies. "I think they have something releasable now and will be able to move forward as planned."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group