Executive Branch Activity

NIST Cybersecurity Framework Implementation

The National Institute of Standards and Technology (NIST) is planning to hold a cybersecurity workshop this fall to discuss the implementation of the Cybersecurity Framework that NIST developed and released in February. The location and date for the workshop has not been set but NIST intends to discuss the areas for further development and address ways to improve the Cybersecurity Framework at the upcoming workshop. NIST also intends to hold another workshop related to privacy but no date has been set at this time. NIST held its first privacy workshop in April and released a subsequent report related to privacy in May.

The Department of Homeland Security (DHS) is also working with stakeholders on the implementation of the NIST Cybersecurity Framework and is planning to release a new version of its Cyber Resilience Review to help small and mid-sized businesses. DHS plans to roll out the new version in the next few months through its Critical Infrastructure Cyber Community (C³/C-Cubed) Program.

DOD Draft Regulations

As required by the National Defense Authorization Act of 2013, the U.S. Department of Defense (DOD) is working on new regulations that will require defense contractors to rapidly report network and information system penetrations. The regulations will likely require contractors that experience a data breach to describe the methods used in an attack on their network, provide a sample of the malicious software, and include a summary of how DOD data contained in the contractor’s system may have been compromised. An ad hoc committee has been developing the regulations and was required to provide a report to the Defense Acquisition Regulations Council by June 4. The deadline for the report was previously pushed back and DOD officials indicated last week that the report has again been delayed to be released on July 9.