NIST Trying to Drum Up Cyber Standards Support

The National Institute of Standards and Technology has started visiting businesses to rally support for a nationwide cybersecurity program called for by a February executive order.

The Feb. 12 mandate directed NIST, a Commerce Department agency, to develop standard guidelines for protecting computer operations in key sectors. On March 11, at an industry briefing organized by law firm Venable LLP, government officials stressed the guidelines will not be performance standards. The protections, however, would become mandatory for certain companies under a White House legislative proposal, so the order has raised questions among lobbying groups. A draft “cybersecurity framework” – the official term for the voluntary regulations -- is expected to be released by November, said Ari Schwartz, a Commerce senior policy adviser. NIST has published a formal notice requesting input from businesses and scheduled a brainstorming workshop for April 3 in Gaithersburg (MD). Future meetings to solicit feedback will not all be held in the suburbs, Adam Sedgewick, NIST senior information technology policy advisor, assured the audience, which was watching remotely via Webcast and at Venable's Washington office.