Government Shutdown, NIST and Cybersecurity: Here’s What MSSPs Need to Know
Nearly 85 percent of National Institute of Standards and Technology (NIST) staff members are furloughed due to a partial government shutdown that began Dec. 22, 2018, according to unified access security provider Duo Security.
Meanwhile, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency has 45 percent of employees furloughed due to the government shutdown, Duo reported. Approximately 45 percent of DHS’s analysis and operations team is on furlough at this time, too.
The DHS National Protection and Programs Directorate also has up to 80 percent of its cyber workforce on furlough during the government shutdown, Duo stated. This directorate manages both the U.S. Computer Emergency Readiness Team (US-CERT) Continuous Diagnostics and Mitigation and Automated Indicator Sharing programs.
What Does the Government Shutdown Mean for MSSPs?
The government shutdown could delay the upcoming release of new NIST security standards and guidelines.
Prior to the government shutdown, NIST was developing a risk management framework. It also was implementing changes to the federal government’s security controls guidelines.
MSSPs and corporate security teams sometimes use NIST standards and guidelines as baselines for their security programs. These standards and guidelines provide security best practices and threat mitigation strategies.
Which Federal Cybersecurity Resources Are Still Available?
During the government shutdown, an NIST computer scientist and IT specialist will maintain the National Vulnerability Database (NVD), 16 employees will manage the institute’s time servers and an IT specialist will be at the National Cybersecurity Center of Excellence (NCCoE), Duo reported.
Other federal cybersecurity resources that will remain available during the government shutdown include:
- National Cybersecurity and Communications Integration Center (NCCIS): NCCIS service desk is open and accepting calls.
- National Technical Information Service (NTIS): NTIS will remain open and running.
- Small Business Administration (SBA): Small businesses can access security recommendations and guidance from the SBA website.
Federal agencies are required to maintain appropriate cybersecurity functions across all agency information technology systems, the Office of Management and Budget indicated. They also must avoid any threat to the security, confidentiality and integrity of agency information and information systems managed by the government.