“My job here at Standard Services is really not to mandate anything, my job is to help other federal agencies understand the alternative approaches that they can use; and help them move through the decision making process with the best most effective regulatory approach for their particular agency mission.” – Gordon Gillerman, Director of Standards Services Division, NIST
“We work with developing industry led consensus based standards bodies to develop those standards in that space, that then can be used by those who have these missions, to understand products that are being used into our marketplace, so they have that body, should they need it.” – Matt Scholl, Deputy Division Chief, Computer Security Division, NIST
National Institute of Standards and Technology
Compliance professionals both in and outside the federal government regularly seek guidance for deploying standards from the National Institute of Standards and Technology (NIST), a division of the U.S. Department of Commerce.
Gordon Gillerman, Director of Standards Services Division at NIST, and Matt Scholl, Deputy Division Chief, Computer Security Division at NIST, appeared on Federal News Radio for an in-depth conversation on Federal Tech Talk with ARMATURE’s John Gilroy. The radio interview served as a platform to inform federal IT professionals of best practices for standards and conformity assessment.
“NIST helps U.S. government agencies have confidence that even private sector organizations who are executing some of these conformity assessments do it with confidence and integrity and can provide the confidence in regulatory compliance that they need to fulfill their mission,” said Gordon Gillerman.
Fourteen years ago, OMB Circular A-119 was created to describe the development and use of voluntary consensus standards and conformity assessment activities. In January of 2012, the M-12-08 Memorandum clarified several principles concerning federal involvement in the standards process, specifically for conformity assessment practices within the compliance community. Over the past few months, NIST has sponsored conformity assessment public workshops for additional support and guidance.
The interview started off with an overview of conformity assessment and security and a description of the rationale behind the workshops. From there, the NIST leaders gave their opinions on three main areas:
Value of compliance. For governments, conformity assessment reduces barriers to trade. For businesses, interoperability of compliance organizations helps to reduce multiple inspections. Even consumers benefit from commonly accepted standards because they help reduce uncertainty about purchasing a product.
Challenges for agencies. Agencies are being challenged to do conformity assessment on a reduced budget. Further, individuals in these agencies may not have experience working with third-party conformity assessment organizations or developing standards-based programs. NIST has acted as a “clearinghouse” to provide information on best practices and how other agencies can develop compliance programs.
Interaction with the compliance community. Third-party standards can originate from several organizations. During the interview, the NIST leaders detailed some of the challenges associated with using private sector standards in federal regulations. These include reducing duplication of federal and private standards and the interplay of federal, private, and international standards.
Gordon and Matt have a clear message: compliance with standards will assist in innovation and reduce costs for everyone.
Compliance has a wide application, from consumer concerns about quality products to reducing the cost of providing web-based services to federal agencies. In a rapidly changing technology environment, IT professionals must update their knowledge of how to work with standards, third-party conformity assessors, and international organizations.
ARMATURE provides compliance management solutions for organizations performing accreditation, conformity assessment, and quality assurance to help evaluate performance, measure quality, and analyze outcomes against set standards. If you would like to learn more, please read the ARMATURE accreditation blog.
You can also listen to the full interview and discussion with Gordon Gillerman and Matt Scholl.
ARMATURE’s John Gilroy hosts a weekly radio show on Federal News Radio, appears regularly as “The Computer Guy” on The Kojo Nnamdi Show, and is an experienced platform speaker. Read thought-provoking comments on the technology industry at John’s blog.