Last week Rep. Moolenaar (R,MI) introduced HR 5639, the National Institute of Standards and Technology Improvement Act of 2016. The bill updates the National Institute of Standards and Technology Act (15 USC 272). There is only one minor cybersecurity provision in the bill.
Section 11 of the bill makes one small change to 15 USC 278g–3, the computer standards program. It removes the words ‘National Security Agency’ from paragraph (c)(1). That paragraph lists the agencies that NIST must consult with in establishing standards for information systems and cybersecurity standards for federal information systems.
Moolenaar is a member of the House Science, Space and Technology Committee, the committee to which the bill was assigned for consideration. More importantly, many of the ten cosponsors are influential members of the Committee and the Congressional leadership. This is clearly reflected by the fact that the bill will be considered this week under suspension of the rules. The bill will almost certainly pass with substantial bipartisan support.
This change was almost certainly included in response to news that the NSA influenced NIST to include backdoors in encryption standards. The change does not prevent NIST from consulting with NSA, or limit what influence NSA has on NIST operations. The change is simply a face-saving move by Congress so that it appears that Congress has limited the influence of NSA.