From: Defense Daily Network
The National Institute of Standards and Technology (NIST) should remain a neutral broker in developing standards to support public and private sector cyber security efforts and should not take on the role of an auditor to ensure federal agencies are complying with an existing cyber-risk management framework as called for in proposed congressional legislation, the former chief information security officer (CISO) of the United States told a House panel last week.
Greg Touhill, who served as the U.S. CISO during the last five months of the Obama administration, said he’s all for auditing and compliance of federal agencies adherence to the three-year old NIST Cybersecurity Framework that is being voluntarily adopted by private sector entities to help them understand and manage their cyber security risks.
Leave a Reply