NIST Now "King of the Hill" on Cyber Standards

Following its key cyber role in President Obama's Executive Order No. 13636 issued this February, the National Institute of Standards and Technology (NIST) again seized the reins on federal cybersecurity standards on April 30, issuing the 457-page tome, Security and Privacy Controls for Federal information Systems and Organizations, that not only provides the "most comprehensive update" of the core information security controls, but also cuts new ground for cybersecurity standards governing mobile and cloud computing technology, applications security, supply chain protection, advanced persistent threats, and privacy controls for federal agencies and contractors. While some critics have sought to brush back prior NIST standards as too voluminous and technically dense, this latest publication underscores NIST's increasing dominance over cyber standards, as shown by both DoD and the Office of the Director of National Intelligence embracing this NIST update, thus paving the way for federal agencies to flow down new and expanded security standards to government contractors consistent with the executive order's directive to the FAR Council.