Government Shutdown

Shutdown would not threaten NIST framework schedule

digital key

Officials at the National Institute of Standards and Technology have spent the last seven months crafting a comprehensive cybersecurity framework, triggering concerns that a critical Oct. 10 deadline could be endangered by the potential government shutdown.

However, NIST Director Patrick Gallagher on Sept. 25 said otherwise, telling a Washington cybersecurity conference audience that the preliminary draft framework is effectively complete and ready for release. He also noted that the October release is just one step in an ongoing process.

Under a February executive order from President Barack Obama, NIST has been required to release draft frameworks at specific intervals. The most recent release came in August, when an informal preliminary draft was released ahead of the agency's fourth public collaboration meeting, held in Dallas.

The formal preliminary draft framework is due Oct. 10, 240 days after the executive order, and a final version is due at the one-year mark.

"We've structured the whole 240 days to try to maximize the amount of public engagement and feedback we could get," Adam Sedgewick, NIST senior IT policy adviser, said in July. "Given the time constraints, we've used a combination of public workshops and engagements. We have people engage through our cyber framework website, and at the tail end we'll have another public comment period."

The rigid timelines mean a government shutdown beginning Oct. 1 theoretically could put the intense efforts behind schedule if those working on the project are prohibited from doing so.

"The [executive order] had specific deadlines that didn't give an out for extenuating circumstances," said one source, speaking on background.

But Gallagher indicated that the extensive work, including the broad participation of industry, that has gone into the framework allows for a release even in the event of a shutdown, and others agreed.

"Much of the draft framework has been available for several weeks, and received substantial industry input both from the workshop NIST held in Dallas and a number of separate industry meetings," said Larry Clinton, president and CEO of the Internet Security Alliance, which has been involved in the framework development process. "The framework is a work in progress, and while I don't think it's complete [and] I doubt the NIST staff thinks it's complete yet either, it is certainly far enough along to be released on time as a draft."

NIST officials have made it clear that the framework's development will continue beyond the release of both the preliminary and the final versions.

"If this process we just did over the last eight months ends up being a once-through, then we've failed," Gallagher said, according to Federal News Radio. "The technology is too dynamic, and I don't believe the framework is perfect. We expect companies who adopt it and put it into use to identify places where it makes no sense and where there are gaps. We have to operationalize this collaboration we've built and turn it into a continuous process. So right away we have to start thinking about a 2.0 version. These early adopters that take up the challenge and put this into use are going to shape the framework, and I think they'll drive the governance of the process."

That ongoing development likely will include another workshop beyond the four that already took place across the country, according to Clinton. That and other continuing efforts will help shape the framework for a formal release in February.

"They've pretty much done what they need to do for October, and [if there is a shutdown], what they released last month before Dallas will just be tweaked," said Jim Lewis, senior fellow and director of the Technology and Public Policy Program at the Center for Strategic and International Studies. "I think they have something releasable now and will be able to move forward as planned."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group