Amendment puts IGs in charge of cyber audits, not NIST

Fifth Domain: A House bill that would have put the National Institute of Standards and Technology in charge of auditing agency cybersecurity practices was amended to place that responsibility in the hands of agency inspectors general, a move which a policy expert said will give the bill a better chance of passage.

“I would think this amendment would increase the likelihood of passage,” said Marcus Christian, partner in the law firm Mayer Brown’s Litigation and Dispute Resolution practice and White Collar Defense and Compliance group. “I think that it’s important to have a capable body conducting these audits.”

Originally the bill, H.R. 1224, the “NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017,” would have required NIST to conduct audits of agency implementation of the NIST cybersecurity framework.

Read article