NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017

[AI summary unavailable — showing source text] NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017 This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST), in developing standards for information systems, to emphasize the principle that expanding cybersecurity threats require: (1) engineering security from the beginning of a system's life cycle, (2) building more trustworthy and secure components and systems from the start, and (3) applying well-defined security design principles throughout systems. NIST must provide guidance for agencies to incorporate into their information security risk management efforts the Framework for Improving Critical Infrastructure Cybersecurity, which was prepared by NIST with input from the private sector in response to an executive order. NIST must chair a federal working group and establish a public-private working group to coordinate the development of metrics and tools to measure the effectiveness of the cybersecurity framework for: (1) federal agencies protecting their information and information systems, and (2) private entities voluntarily analyzing their individual corporate risks. The public…