Cyberattacks against government, critical infrastructure, and other private entities have placed pressure on Congress and the Administration to act.  Additionally, the United States currently does not have a national data privacy law, and pressure is building on Congress to establish a federal standard.

Below is an overview of what federal action has been taken to date, and what is pending.

Cybersecurity

• White House
  • Executive Orders

• Congress
  • NEMA-Watched Legislation
  • NEMA-Watched Amendments to Legislation
  • Enacted Legislation

• Federal Agencies
  • NIST
    • Cybersecurity Framework
    • Risk Management Framework
    • Cybersecurity Labeling for Consumers: IoT Devices & Software
  • CISA
    • Critical Infrastructure Sector: Critical Manufacturing
    • Sector Coordinating Councils

  Active Member of the Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership

  • Comments and Rulemaking
    • Nov. 14, 2022 | NEMA - CIRCIA RFI Comments
    • May 5, 2022 | SEC CIR Comments
• Resources
  • Cybersecurity
    • CyberSentry (via Department of Homeland Security)
      Voluntary program to enhance the cyber resilience of organizations that own and operate critical infrastructure.
    • Baldrige Performance Excellence Program
      Presidential award program that recognizes business performance, including in cybersecurity and risk mitigation.
    • Rewards for Justice Program
      Companies and individuals that have information on state-sponsored Russian cyber operations targeting U.S. critical infrastructure (including manufacturing) are encouraged to contact the Department of State’s Rewards for Justice Program. Participants may be eligible for a reward of up to $10 million.

Data Privacy

• Congress: NEMA-Watched Legislation
• NIST: Privacy Framework