§272. Establishment, functions, and activities
(a) Establishment of National Institute of Standards and Technology
There is established within the Department of Commerce a science, engineering, technology, and measurement laboratory to be known as the National Institute of Standards and Technology (hereafter in this chapter referred to as the "Institute").
(b) Functions of Secretary and Institute
The Secretary of Commerce (hereafter in this chapter referred to as the "Secretary") acting through the Director of the Institute (hereafter in this chapter referred to as the "Director") is authorized to serve as the President's principal adviser on standards policy pertaining to the Nation's technological competitiveness and innovation ability and to take all actions necessary and appropriate to accomplish the purposes of this chapter, including the following functions of the Institute-
(1) to assist industry in the development of technology and procedures needed to improve quality, to modernize manufacturing processes, to ensure product reliability, manufacturability, functionality, and cost-effectiveness, and to facilitate the more rapid commercialization, especially by small- and medium-sized companies throughout the United States, of products based on new scientific discoveries in fields such as automation, electronics, advanced materials, biotechnology, and optical technologies;
(2) to develop, maintain, and retain custody of the national standards of measurement, and provide the means and methods for making measurements consistent with those standards;
(3) to facilitate standards-related information sharing and cooperation between Federal agencies and to coordinate the use by Federal agencies of private sector standards, emphasizing where possible the use of standards developed by private, consensus organizations;
(4) to enter into and perform such contracts, including cooperative research and development arrangements and grants and cooperative agreements or other transactions, as may be necessary in the conduct of its work and on such terms as it may determine appropriate, in furtherance of the purposes of this chapter;
(5) to provide United States industry, Government, and educational institutions with a national clearinghouse of current information, techniques, and advice for the achievement of higher quality and productivity based on current domestic and international scientific and technical development;
(6) to assist industry in the development of measurements, measurement methods, and basic measurement technology;
(7) to determine, compile, evaluate, and disseminate physical constants and the properties and performance of conventional and advanced materials when they are important to science, engineering, manufacturing, education, commerce, and industry and are not available with sufficient accuracy elsewhere;
(8) to develop a fundamental basis and methods for testing materials, mechanisms, structures, equipment, and systems, including those used by the Federal Government;
(9) to assure the compatibility of United States national measurement standards with those of other nations;
(10) to cooperate with other departments and agencies of the Federal Government, with industry, with State and local governments, with the governments of other nations and international organizations, and with private organizations in establishing standard practices, codes, specifications, and voluntary consensus standards;
(11) to advise government and industry on scientific and technical problems;
(12) to invent, develop, and (when appropriate) promote transfer to the private sector of measurement devices to serve special national needs; and
(13) to coordinate technical standards activities and conformity assessment activities of Federal, State, and local governments with private sector technical standards activities and conformity assessment activities, with the goal of eliminating unnecessary duplication and complexity in the development and promulgation of conformity assessment requirements and measures.
(c) Implementation activities
In carrying out the functions specified in subsection (b), the Secretary, acting through the Director 1 may, among other things-
(1) construct physical standards;
(2) test, calibrate, and certify standards and standard measuring apparatus;
(3) study and improve instruments, measurement methods, and industrial process control and quality assurance techniques;
(4) cooperate with the States in securing uniformity in weights and measures laws and methods of inspection;
(5) cooperate with foreign scientific and technical institutions to understand technological developments in other countries better;
(6) prepare, certify, and sell standard reference materials for use in ensuring the accuracy of chemical analyses and measurements of physical and other properties of materials;
(7) in furtherance of the purposes of this chapter, accept research associates, cash donations, and donated equipment from industry, and also engage with industry in research to develop new basic and generic technologies for traditional and new products and for improved production and manufacturing;
(8) study and develop fundamental scientific understanding and improved measurement, analysis, synthesis, processing, and fabrication methods for chemical substances and compounds, ferrous and nonferrous metals, and all traditional and advanced materials, including processes of degradation;
(9) investigate ionizing and nonionizing radiation and radioactive substances, their uses, and ways to protect people, structures, and equipment from their harmful effects;
(10) determine the atomic and molecular structure of matter, through analysis of spectra and other methods, to provide a basis for predicting chemical and physical structures and reactions and for designing new materials and chemical substances, including biologically active macromolecules;
(11) perform research on electromagnetic waves, including optical waves, and on properties and performance of electrical, electronic, and electromagnetic devices and systems and their essential materials, develop and maintain related standards, and disseminate standard signals through broadcast and other means;
(12) develop and test standard interfaces, communication protocols, and data structures for computer and related telecommunications systems;
(13) study computer systems (as that term is defined in section 278g–3(d) 2 of this title) and their use to control machinery and processes;
(14) perform research to develop standards and test methods to advance the effective use of computers and related systems and to protect the information stored, processed, and transmitted by such systems and to provide advice in support of policies affecting Federal computer and related telecommunications systems;
(15) on an ongoing basis, facilitate and support the development of a voluntary, consensus-based, industry-led set of standards, guidelines, best practices, methodologies, procedures, and processes to cost-effectively reduce cyber risks to critical infrastructure (as defined under subsection (e));
(16) support information security measures for the development and lifecycle of software and the software supply chain, including development of voluntary, consensus-based technical standards, best practices, frameworks, methodologies, procedures, processes, and software engineering toolkits and configurations;
(17) support information security measures, including voluntary, consensus-based technical standards, best practices, and guidelines, for the design, adoption, and deployment of cloud computing services;
(18) support research, development, and practical application to improve the usability of cybersecurity processes and technologies;
(19) facilitate and support the development of a voluntary, consensus-based set of technical standards, guidelines, best practices, methodologies, procedures, and processes to improve privacy protections in systems, technologies, and processes used by both the public and private sector;
(20) support privacy measures, including voluntary, consensus-based technical standards, best practices, guidelines, metrology, and testbeds for the design, adoption, and deployment of privacy enhancing technologies;
(21) perform research to support the development of voluntary, consensus-based, industry-led standards and recommendations on the security of computers, computer networks, and computer data storage used in election systems to ensure voters can vote securely and privately;
(22) determine properties of building materials and structural elements, and encourage their standardization and most effective use, including investigation of fire-resisting properties of building materials and conditions under which they may be most efficiently used, and the standardization of types of appliances for fire prevention;
(23) undertake such research in engineering, pure and applied mathematics, statistics, computer science, materials science, and the physical sciences as may be necessary to carry out and support the functions specified in this section;
(24) host, participate in, and support scientific and technical workshops (as defined in section 202 of the American Innovation and Competitiveness Act);
(25) collect and retain any fees charged by the Secretary for hosting a scientific and technical workshop described in paragraph (19); 2
(26) notwithstanding title 31 of the United States Code, use the fees described in paragraph (20) 2 to pay for any related expenses, including subsistence expenses for participants;
(27) compile, evaluate, publish, and otherwise disseminate general, specific and technical data resulting from the performance of the functions specified in this section or from other sources when such data are important to science, engineering, or industry, or to the general public, and are not available elsewhere;
(28) collect, create, analyze, and maintain specimens of scientific value;
(29) operate national user facilities;
(30) evaluate promising inventions and other novel technical concepts submitted by inventors and small companies and work with other Federal agencies, States, and localities to provide appropriate technical assistance and support for those inventions which are found in the evaluation process to have commercial promise;
(31) demonstrate the results of the Institute's activities by exhibits or other methods of technology transfer, including the use of scientific or technical personnel of the Institute for part-time or intermittent teaching and training activities at educational institutions of higher learning as part of and incidental to their official duties; and
(32) undertake such other activities similar to those specified in this subsection as the Director determines appropriate.
(d) Management costs
In carrying out the extramural funding programs of the Institute, including the programs established under sections 278k and 278l of this title, the Secretary may retain reasonable amounts of any funds appropriated pursuant to authorizations for these programs in order to pay for the Institute's management of these programs.
(e) Cyber risks
(1) In general
In carrying out the activities under subsection (c)(15), the Director-
(A) shall-
(i) coordinate closely and regularly with relevant private sector personnel and entities, critical infrastructure owners and operators, and other relevant industry organizations, including Sector Coordinating Councils and Information Sharing and Analysis Centers, and incorporate industry expertise;
(ii) consult with the heads of agencies with national security responsibilities, sector-specific agencies and other appropriate agencies, State and local governments, the governments of other nations, and international organizations;
(iii) identify a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, that may be voluntarily adopted by owners and operators of critical infrastructure to help them identify, assess, and manage cyber risks;
(iv) include methodologies-
(I) to identify and mitigate impacts of the cybersecurity measures or controls on business confidentiality; and
(II) to protect individual privacy and civil liberties;
(v) incorporate voluntary consensus standards and industry best practices;
(vi) align with voluntary international standards to the fullest extent possible;
(vii) prevent duplication of regulatory processes and prevent conflict with or superseding of regulatory requirements, mandatory standards, and related processes;
(viii) consider small business concerns (as defined in section 632 of this title);
(ix) consider institutions of higher education (as such term is defined in section 1001 of title 20); and
(x) include such other similar and consistent elements as the Director considers necessary; and
(B) shall not prescribe or otherwise require-
(i) the use of specific solutions;
(ii) the use of specific information or communications technology products or services; or
(iii) that information or communications technology products or services be designed, developed, or manufactured in a particular manner.
(2) Limitation
Information shared with or provided to the Institute for the purpose of the activities described under subsection (c)(15) shall not be used by any Federal, State, tribal, or local department or agency to regulate the activity of any entity. Nothing in this paragraph shall be construed to modify any regulatory requirement to report or submit information to a Federal, State, tribal, or local department or agency.
(3) Definitions
In this subsection:
(A) Critical infrastructure
The term "critical infrastructure" has the meaning given the term in section 5195c(e) of title 42.
(B) Sector-specific agency
The term "sector-specific agency" means the Federal department or agency responsible for providing institutional knowledge and specialized expertise as well as leading, facilitating, or supporting the security and resilience programs and associated activities of its designated critical infrastructure sector in the all-hazards environment.
(Mar. 3, 1901, ch. 872, §2,
Editorial Notes
References in Text
Section 278g–3 of this title, referred to in subsec. (c)(13), was amended, and no longer defines the term "computer systems".
Section 202 of the American Innovation and Competitiveness Act, referred to in subsec. (c)(24), is section 202 of
Paragraphs (19) and (20), referred to in subsec. (c)(25) and (26), were redesignated as pars. (24) and (25), respectively, of subsec. (c) of this section by
Amendments
2022-Subsec. (b)(4).
Subsec. (c)(16).
Subsec. (c)(17) to (32).
Subsec. (e)(1)(A)(ix), (x).
2018-Subsec. (e)(1)(A)(viii), (ix).
2017-Subsec. (b).
Subsec. (b)(3).
Subsec. (b)(13).
Subsec. (c)(16) to (27).
Subsec. (d).
2014-Subsec. (c)(15) to (23).
Subsec. (e).
2007-Subsec. (b).
Subsec. (b)(4).
Subsec. (c).
1996-Subsec. (b)(2).
Subsec. (b)(3) to (12).
Subsec. (b)(13).
1992-Subsec. (d).
1988-
Par. (20).
1972-Par. (19).
1950-Act July 22, 1950, provided basic authority for performance of certain functions and activities of Department of Commerce.
Statutory Notes and Related Subsidiaries
Change of Name
Reference to a Sector Specific Agency (including any permutations or conjugations thereof) deemed to be a reference to the Sector Risk Management Agency of the relevant critical infrastructure sector and have the meaning given such term in section 650 of Title 6, Domestic Security, see section 652a(c)(3) of Title 6, enacted Jan. 1, 2021.
Construction of Pub. L. 115–236
Reporting
"(1) A description of when the other transactions authority described in such amended paragraph was used and for what purpose.
"(2) A description of why such other transactions authority was required.
"(3) Steps taken to ensure necessary and sufficient oversight of Federal Government requirements implemented using such other transactions authority."
Dissemination of Resources for Small Businesses
"(1)
"(2)
"(A) are generally applicable and usable by a wide range of small business concerns;
"(B) vary with the nature and size of the implementing small business concern, and the nature and sensitivity of the data collected or stored on the information systems or devices of the implementing small business concern;
"(C) include elements, that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships, to assist small business concerns in mitigating common cybersecurity risks;
"(D) include case studies of practical application;
"(E) are technology-neutral and can be implemented using technologies that are commercial and off-the-shelf; and
"(F) are based on international standards to the extent possible, and are consistent with the Stevenson-Wydler Technology Innovation Act of 1980 (15 U.S.C. 3701 et seq.).
"(3)
"(4)
"(5)
"(6)
"(7)
NIST Cybersecurity Priorities
"(1)
"(2)
"(A) research information systems for future cybersecurity needs; and
"(B) coordinate with relevant stakeholders to develop a process-
"(i) to research and identify or, if necessary, develop cryptography standards and guidelines for future cybersecurity needs, including quantum-resistant cryptography standards; and
"(ii) to provide recommendations to Congress, Federal agencies, and industry consistent with the National Technology Transfer and Advancement Act of 1995 (
Laboratory Program Improvements
"(a)
"(1) interactions with academia, international researchers, and industry; and
"(2) commercial and industrial applications.
"(b)
"(1) include performance metrics for the dissemination of fundamental research results, measurements, and standards research results to industry, including manufacturing, and other interested parties;
"(2) document any positive benefits of research on the competitiveness of the interested parties described in paragraph (1);
"(3) clarify the current approach to the technology transfer activities of NIST; and
"(4) consider recommendations from the National Academy of Sciences."
Enhancement of Science and Mathematics Programs
"(a)
"(1)
"(2)
"(b)
Transmittal of Plan for Standards Conformity to Congress
Utilization of Consensus Technical Standards by Federal Agencies
"(1)
"(2)
"(3)
"(4)
"(5)
International Standards
"(a)
"(b)
Initial Organization Plan for Institute
"(1) At least 60 days before its effective date and within 120 days after the date of the enactment of this Act [Aug. 23, 1988], an initial organization plan for the National Institute of Standards and Technology (hereafter in this part [see Short Title of 1988 Amendment note set out under section 271 of this title] referred to as the 'Institute') shall be submitted by the Director of the Institute (hereafter in this part referred to as the 'Director') after consultation with the Visiting Committee on Advanced Technology, to the Committee on Science, Space, and Technology of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate. Such plan shall-
"(A) establish the major operating units of the Institute;
"(B) assign each of the activities listed in section 2(c) of the Act of March 3, 1901 [15 U.S.C. 272(c)], and all other functions and activities of the Institute, to at least one of the major operating units established under subparagraph (A);
"(C) provide details of a 2-year program for the Institute, including the Advanced Technology Program;
"(D) provide details regarding how the Institute will expand and fund the Inventions program in accordance with section 27 of the Act of March 3, 1901 [former 15 U.S.C. 278m]; and
"(E) make no changes in the Center for Building Technology or the Center for Fire Research.
"(2) The Director may revise the organization plan. Any revision of the organization plan submitted under paragraph (1) shall be submitted to the appropriate committees of the House of Representatives and the Senate at least 60 days before the effective date of such revision.
"(3) Until the effective date of the organization plan, the major operating units of the Institute shall be the major operating units of the National Bureau of Standards that were in existence on the date of the enactment of this Act [Aug. 23, 1988] and the Advanced Technology Program."
National Institute of Standards and Technology; Small Business Plan
Construction of Radio Laboratory Building
Act Oct. 25, 1949, ch. 703,
Construction of a Guided-Missile Research Laboratory
Act Oct. 25, 1949, ch. 728,
Definitions
"(1)
"(2)
"(3)