NIST and DHS's NPPD Sign Agreement on Cybersecurity

The National Institute of Standards and Technology (NIST) and the National Protection and Programs Directorate (NPPD) of the US Department of Homeland Security (DHS) have signed an agreement to improve the cybersecurity programs of both organizations by establishing mutually beneficial activities and exchanges.

The main goal of the agreement is to increase communication between their cybersecurity personnel, enhance collaboration in the performance of their responsibilities, and improve coordination of interrelated activities.

According to the agreement, NIST will be responsible with assigning an official to coordinate cybersecurity activities with NPPD; consult with NPPD on information security standards, guidelines and frameworks; and provide technical expertise regarding these standards.

In addition, NIST will enable the participation of NPPD in engagements with industry focused on enhancing public and private sector cooperative partnerships or improving cybersecurity.

The NPPD will also assign an official to coordinate cybersecurity activities with NIST. The directorate will also consult with NIST on the production of bulletins aimed at the implementation of standards, guidelines, frameworks or other applicable cybersecurity policies.

Another important role of the NPPD will be to consult with NIST on the development of metrics used by departments and agencies to measure effectiveness of security programs, and to coordinate the development or enhancement of existing vulnerability assessments.

Finally, NPPD will “provide relevant information, including analyses, priorities, sector specific plans, vulnerability assessments, and reports on operation aspects of Federal agency cybersecurity, consistent with NPPD information sharing policies, to assist NIST in the development of information security standards, guidelines and frameworks.”

The agreement coincides with US President Barack Obama’s executive order on cybersecurity. The order appoints the DHS as the body responsible with coordinating information sharing regarding the security of the country’s critical infrastructures.