Government Shutdown

Shutdown would not threaten NIST framework schedule

digital key

Officials at the National Institute of Standards and Technology have spent the last seven months crafting a comprehensive cybersecurity framework, triggering concerns that a critical Oct. 10 deadline could be endangered by the potential government shutdown.

However, NIST Director Patrick Gallagher on Sept. 25 said otherwise, telling a Washington cybersecurity conference audience that the preliminary draft framework is effectively complete and ready for release. He also noted that the October release is just one step in an ongoing process.

Under a February executive order from President Barack Obama, NIST has been required to release draft frameworks at specific intervals. The most recent release came in August, when an informal preliminary draft was released ahead of the agency's fourth public collaboration meeting, held in Dallas.

The formal preliminary draft framework is due Oct. 10, 240 days after the executive order, and a final version is due at the one-year mark.

"We've structured the whole 240 days to try to maximize the amount of public engagement and feedback we could get," Adam Sedgewick, NIST senior IT policy adviser, said in July. "Given the time constraints, we've used a combination of public workshops and engagements. We have people engage through our cyber framework website, and at the tail end we'll have another public comment period."

The rigid timelines mean a government shutdown beginning Oct. 1 theoretically could put the intense efforts behind schedule if those working on the project are prohibited from doing so.

"The [executive order] had specific deadlines that didn't give an out for extenuating circumstances," said one source, speaking on background.

But Gallagher indicated that the extensive work, including the broad participation of industry, that has gone into the framework allows for a release even in the event of a shutdown, and others agreed.

"Much of the draft framework has been available for several weeks, and received substantial industry input both from the workshop NIST held in Dallas and a number of separate industry meetings," said Larry Clinton, president and CEO of the Internet Security Alliance, which has been involved in the framework development process. "The framework is a work in progress, and while I don't think it's complete [and] I doubt the NIST staff thinks it's complete yet either, it is certainly far enough along to be released on time as a draft."

NIST officials have made it clear that the framework's development will continue beyond the release of both the preliminary and the final versions.

"If this process we just did over the last eight months ends up being a once-through, then we've failed," Gallagher said, according to Federal News Radio. "The technology is too dynamic, and I don't believe the framework is perfect. We expect companies who adopt it and put it into use to identify places where it makes no sense and where there are gaps. We have to operationalize this collaboration we've built and turn it into a continuous process. So right away we have to start thinking about a 2.0 version. These early adopters that take up the challenge and put this into use are going to shape the framework, and I think they'll drive the governance of the process."

That ongoing development likely will include another workshop beyond the four that already took place across the country, according to Clinton. That and other continuing efforts will help shape the framework for a formal release in February.

"They've pretty much done what they need to do for October, and [if there is a shutdown], what they released last month before Dallas will just be tweaked," said Jim Lewis, senior fellow and director of the Technology and Public Policy Program at the Center for Strategic and International Studies. "I think they have something releasable now and will be able to move forward as planned."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group