A U.S. House subcommittee approved Nov. 4 the Cybersecurity Coordination and Awareness Act, legislation that would require NIST (National Institute of Standards and Technology) to develop and implement a plan to ensure coordination within the U.S. government with regard to the development of international cybersecurity technical standards.
The bill, approved by the the Committee on Science and Technology's Subcommittee on Technology and Innovation, would also require NIST to develop and implement a cybersecurity awareness and education program and engage in research and development to improve identity management systems.
"Twenty-two years ago, this Committee paved the way for federal cybersecurity efforts with the Computer Security Act of 1987, which charged NIST with developing technical standards to protect non-classified information on federal computer systems and was the first of 13 major laws related to cybersecurity," Subcommittee Chairman David Wu (D-OR), said in a statement.
The legislation implements recommendations made in the White House's Cyberspace Policy Review and during the panel's witness testimony. The bill now moves to full House Science and Technology Committee.
"The convergence of telecommunication, Internet and video devices requires a corresponding convergence in cybersecurity technical standards development," Wu said. "A coordinated policy will ensure that these representatives operate with the overarching need of the U.S. infrastructure in mind."
The subcommittee also approved an amendment to the bill sponsored by Wu to include health information technology systems as part of NIST's work on identity management research and standards development.
"As we work to increase adoption of health IT in our medical system, it is important to recognize that the increased digitization and sharing of records must be accompanied by adequate privacy safeguards," Wu said. "Ensuring that we advance technologies and methods used to protect privacy should be central to NIST's work in health IT."