NIST Seeks Small Business to Help Develop Cybersecurity Standards

The National Institute of Standards and Technology is in the market for a company to support its work crafting privacy and cybersecurity standards for critical technology that will apply to federal agencies.

In a recent notice posted to the government’s procurement website, the agency listed standards development for areas including cyber-physical systems, cloud computing and virtualization, and privacy engineering and risk management as a high-priority in a time of heightened cybersecurity awareness following widespread breaches of the public and private sector. Hackers were able to penetrate the defenses of federal agencies by leveraging access they gained through the network management company SolarWinds and other means.

“With a new and re-energized national emphasis on information security, the NIST Information Technology Laboratory's Computer Security Division is uniquely positioned to ensure that new technology initiatives are selected, deployed, and operated in a manner that does not increase the risk to organizational missions, individuals, and the Nation,” the sources sought notice reads.

NIST is also seeking support for the development and modeling of software and applications for tools such as the National Vulnerability Database and the National Checklist Program but identified those as lower priority areas for a company to which it would issue an indefinite-delivery, indefinite-quantity contract. 

“NIST expects the requirements of its mission to expand and anticipates the need for support in meeting these requirements,” the notice reads. “The support needed to ensure a successful mission ranges from internal programmatic support to technical expertise and research consulting in a wide range of cyber and information security areas.”

The importance NIST places on engaging with the private sector is nothing new, a point emphasized in a recent blog post by Kevin Stine, head of NIST applied cybersecurity division wrote promoting the launch of a stakeholder engagement page on privacy and cybersecurity.

“We receive plenty of kudos for that style of doing business, and we aim to repeat this success and to continue to find the most effective and efficient ways to actively listen to and work together with others,” Stine wrote.

A NIST spokesperson said it is also routine for NIST to hire industry contractors to help with standards development.

“It is common practice for federal agencies to supplement their workforce with expertise from contractors,” the spokesperson said, adding, “NIST follows rigorous, open and transparent processes that include input from industry, academia, and government stakeholders to develop our standards and guidelines.”