The National Institute of Standards and Technology (NIST) announced on Aug. 16 that it will delay action on several cybersecurity-related standards.
The delay is due to a review cycle the Office of Management and Budget’s Office of Information and Regulatory Affairs (OIRA) has implemented to ensure the standards safeguard government data.
The announcement listed the publications affected by the delay, including standards for defense cybersecurity contractors and for the Defense Department. NIST’s Guide for Developing System Security Plans is affected, and the Security and Privacy Controls for Information Systems and Organizations – which has reached its final public draft – is currently in review at OIRA.
Other processing standards and special publications are also affected by the delay. The following have been put on hold until OIRA has completed its review cycle:
- Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans;
- Control Baselines and Tailoring Guidance for Federal Information Systems and Organizations;
- Standards for Security Categorization of Federal Information Systems;
- Minimum Security Requirements for Federal Information and Information Systems;
- Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations; and
- Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets.
NIST said that it will announce when these documents are cleared for publication.