H. Rept. 115-376: NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017, Report Together with Minority Views to Accompany H.R. 1224, Including Cost Estimate of the Congressional Budget Office, October 31, 2017 [open pdf - 429KB]
From Purpose and Summary: "H.R. 1224, the NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017, implements key ideas to help strengthen Federal government cybersecurity. The bill promotes the federal use of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, and establishes a federal working group to develop quantifiable metrics to compile information about the effectiveness of the NIST Cybersecurity Framework in protecting federal information and information systems. H.R. 1224 also directs NIST to complete an initial assessment of the cybersecurity preparedness of priority federal agencies and prepare a needs-based audit plan in advance of carrying out individual cybersecurity audits of each federal agency to determine the extent to which each agency is meeting the information security standards developed by NIST. H.R. 1224 further directs NIST to establish a schedule such that agencies are either audited annually or biennially depending on their information security risk. H.R. 1224 requires a report of each audit to be submitted to the Office of Management and Budget (OMB), the Office of Science and Technology Policy (OSTP), the U.S. Government Accountability Office (GAO), the agency being audited, the agency's Office of Inspector General if it has one, and Congress, including the House Science, Space, and Technology Committee and the Senate Committee on Commerce, Science, and Transportation."
H. Rept. 115-376; House Report 115-376
U.S. Government Publishing Office: http://www.gpo.gov/