SUBCHAPTER IV—ADVANCEMENT OF CYBERSECURITY TECHNICAL STANDARDS
§7461. Definitions
In this subchapter:
(1) Director
The term "Director" means the Director of the National Institute of Standards and Technology.
(2) Institute
The term "Institute" means the National Institute of Standards and Technology.
(
§7462. International cybersecurity technical standards
(a) In general
The Director, in coordination with appropriate Federal authorities, shall—
(1) as appropriate, ensure coordination of Federal agencies engaged in the development of international technical standards related to information system security; and
(2) not later than 1 year after December 18, 2014, develop and transmit to Congress a plan for ensuring such Federal agency coordination.
(b) Consultation with the private sector
In carrying out the activities specified in subsection (a)(1), the Director shall ensure consultation with appropriate private sector stakeholders.
(
§7463. Cloud computing strategy
(a) In general
The Director, in coordination with the Office of Management and Budget, in collaboration with the Federal Chief Information Officers Council, and in consultation with other relevant Federal agencies and stakeholders from the private sector, shall continue to develop and encourage the implementation of a comprehensive strategy for the use and adoption of cloud computing services by the Federal Government.
(b) Activities
In carrying out the strategy described under subsection (a), the Director shall give consideration to activities that—
(1) accelerate the development, in collaboration with the private sector, of standards that address interoperability and portability of cloud computing services;
(2) advance the development of conformance testing performed by the private sector in support of cloud computing standardization; and
(3) support, in coordination with the Office of Management and Budget, and in consultation with the private sector, the development of appropriate security frameworks and reference materials, and the identification of best practices, for use by Federal agencies to address security and privacy requirements to enable the use and adoption of cloud computing services, including activities—
(A) to ensure the physical security of cloud computing data centers and the data stored in such centers;
(B) to ensure secure access to the data stored in cloud computing data centers;
(C) to develop security standards as required under
(D) to support the development of the automation of continuous monitoring systems.
(
§7464. Identity management research and development
The Director shall continue a program to support the development of voluntary and cost-effective technical standards, metrology, testbeds, and conformance criteria, taking into account appropriate user concerns—
(1) to improve interoperability among identity management technologies;
(2) to strengthen authentication methods of identity management systems;
(3) to improve privacy protection in identity management systems, including health information technology systems, through authentication and security protocols; and
(4) to improve the usability of identity management systems.
(