FACACLASSIC

Note: An Annual Comprehensive Review, as required by §7 of the Federal Advisory Committee Act, is conducted each year on committee data entered for the previous fiscal year (referred to as the reporting year). The data for the reporting year is not considered verified until this review is complete and the data is moved to history for an agency/department. See the Data From Previous Years section at the bottom of this page for the committee’s historical, verified data.

Details on agency responses to committee recommendations can be found under the Performance Measures section for each committee in the fields “Agency Feedback” and “Agency Feedback Comment.”

DOC - 324 - Information Security and Privacy Advisory Board - Statutory (Congress Created)

GENERAL INFORMATION

Committee Name	Information Security and Privacy Advisory Board	Agency Name	Department of Commerce
Fiscal Year	2025	Committee Number	324
Original Establishment Date	1/8/1988	Committee Status	Chartered
Actual Termination Date		Committee URL	http://csrc.nist.gov/groups/SMA/ispab/index.html
Actual Merged Date		Presidential Appointments*	No
New Committee This FY	No	Max Number of Members*	13
Terminated This FY	No	Designated Fed Officer Position Title*	DFO
Merged This FY		Designated Federal Officer Prefix	Mr.
Current Charter Date	2/23/2024	Designated Federal Officer First Name*	Jeff
Date Of Renewal Charter	2/23/2026	Designated Federal Officer Middle Name
Projected Termination Date		Designated Federal Officer Last Name*	Brewer
Exempt From Renewal*	No	Designated Federal Officer Suffix
Specific Termination Authority		Designated Federal Officer Phone*	(301) 975-2489
Establishment Authority*	Statutory (Congress Created)	Designated Federal Officer Fax*	(301) 975-8670
Specific Establishment Authority*	15 U.S.C. 278g-4	Designated Federal Officer Email*	jeffrey.brewer@nist.gov
Effective Date Of Authority*	1/8/1988
Exempt From EO 13875 Discretionary Cmte	Not Applicable
Committee Type*	Continuing
Presidential*	No
Committee Function*	Scientific Technical Program Advisory Board

RECOMMENDATION/JUSTIFICATIONS

Agency Recommendation*	Continue
Legislation to Terminate Required	Not Applicable
Legislation Status	Not Applicable
How does cmte accomplish its purpose?*	The Information Security and Privacy Advisory Board's (Board or Advisory Board) advises the Director of the National Institute of Standards and Technology (NIST), the Secretary of the Department of Homeland Security (DHS), and the Director of the Office of Management and Budget (OMB) on information security and privacy related issues. The Board accomplishes this through informational briefings and presentations by NIST staff and external presenters at regular open meetings. Presenters often include program stakeholders and government/industry partners as well as experts in the information technology field, discussing trends, challenges, and potential solutions. These meetings, held 3 times a year, provide the opportunity for the Board to interact with subject matter experts and key stakeholders, combined with the Member's diverse perspective, offers a valued forum for discussing and proposing solutions to the U.S. Governments- and industry-related issues.
How is membership balanced?*	The Board is comprised of members from academia, industry, expert advisors representing small businesses, and pertinent U.S. Government departments and agencies. Presently, the membership consists of nine members including the Chairperson, and is currently in the process of vetting additional members. Current membership can be viewed at: https://csrc.nist.gov/Projects/ispab/members.
How frequent & relevant are cmte mtgs?*	The Board holds open, public meetings 3-4 times a year. At the first meeting of every fiscal year, the Board reviews and updates its work plan items for fiscal year. Topics include NIST publications and guidance, research and development, NIST's Cybersecurity and Privacy Programs and Frameworks, Cybersecurity challenges and threats facing the U.S. Government and small businesses, NIST's National Vulnerability Database (NVD) Program, Artificial Intelligence, and Software Metrics and Measurement.
Why advice can't be obtained elsewhere?*	In drafting the Computer Security Act of 1987, which created this Advisory Board, we understand that Congress saw a need for an independent, non-federally dominated group of computer security experts to offer its advice to senior government officials on emerging computer security areas. The Board members, with their individual and collective skills, responsibilities and experiences fulfill this requirement. No other similar group of experts meet regularly to review information security issues involved in unclassified Federal Government computer systems and networks. In today's emerging technology, privacy is ever moving into prominent importance, not just for security, but it instills confidence from industry and consumers. Also, Title III of the E-Government Act of 2002 reaffirmed the need for this Board by giving it additional responsibilities.
Why close or partially close meetings?	N/A
Recommendation Remarks	Over the course of this fiscal year, the Board did not present letters of recommendation. The Board's emphasis was on information collection, with scheduled updates and follow-up briefings that may lead to formal decision-making and consensus recommendations, which are considered more appropriate at later stages following initial discussions and analyses.

PERFORMANCE MEASURES

Outcome Improvement To Health Or Safety*	No	Action Reorganize Priorities*	Yes
Outcome Trust In Government	Yes	Action Reallocate Resources	Yes
Outcome Major Policy Changes	No	Action Issued New Regulations	No
Outcome Advance In Scientific Research	Yes	Action Proposed Legislation	No
Outcome Effective Grant Making	No	Action Approved Grants Or Other Payments	No
Outcome Improved Service Delivery	Yes	Action Other	Yes
Outcome Increased Customer Satisfaction	Yes	Action Comment	NIST continues to refine their strategy based on objective feedback related to presentations and submissions of the Board.
Outcome Implement Laws/Reg Requirements	No	Grants Review*	No
Outcome Other	No	Number Of Grants Reviewed	0
Outcome Comment	NA	Number Of Grants Recommended	0
Cost Savings*	Unable to Determine	Dollar Value Of Grants Recommended	$0.00
Cost Savings Comment	Many of the recommendations address information security and privacy policy government-wide. Cost savings would vary based on agency-specific implementation.	Grants Review Comment	NA
Number Of Recommendations*	56	Access Contact Designated Fed. Officer*	Yes
Number Of Recommendations Comment	For fiscal year 2025, the Board did not formally make any recommendations.	Access Agency Website	Yes
% of Recs Fully Implemented*	30.00%	Access Committee Website	Yes
% of Recs Fully Implemented Comment	All recommendations do not address the agency. They may be directed to OMB for government-wide impact, which is difficult to report or monitor percentage of implementation. Those time lines are driven by the OMB directives. Board recommendations specific to NIST have been or will be addressed and implemented.	Access GSA FACA Website	Yes
% of Recs Partially Implemented*	0.00%	Access Publications	Yes
% of Recs Partially Implemented Comment	NA	Access Other	Yes
Agency Feedback*	Yes	Access Comment	Information is published in the FEDERAL REGISTER announcing the meetings and agendas and announcing an annual request for nomination consideration to the membership of the Board.
Agency Feedback Comment*	Feedback to the Advisory Board are filtered in several ways: through email to the DFO and members; formal statements during the public opening session in meetings; or the dedicated ISPAB website.	Narrative Description*	The Board advises NIST, the Secretary of Commerce and the Director of OMB on information security and privacy issues pertaining to Federal government unclassified information systems. This includes through review of proposed standards and guidelines developed under Section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3) as amended by Title III of the E-Government Act of 2002.

COSTS

1. Payments to Non-Federal Members*	$0.00	1. Est Paymnts to Non-Fed Membrs Nxt FY*	$0.00
2. Payments to Federal Members*	$9,300.00	2. Est. Payments to Fed Members Next FY*	$16,000.00
3. Payments to Federal Staff*	$41,000.00	3. Estimated Payments to Federal Staff*	$50,000.00
4. Payments to Consultants*	$0.00	4. Est. Payments to Consultants Next FY*	$0.00
5. Travel Reimb. For Non-Federal Membrs*	$0.00	5. Est Travel Reimb Non-Fed Membr nxtFY*	$18,000.00
6. Travel Reimb. For Federal Members*	$0.00	6. Est Travel Reimb For Fed Members*	$1,000.00
7. Travel Reimb. For Federal Staff*	$0.00	7. Est. Travel Reimb to Fed Staf Nxt FY*	$1,000.00
8. Travel Reimb. For Consultants*	$0.00	8. Est Travel Reimb to Consltnts Nxt FY*	$0.00
10. Other Costs	$0.00	10. Est. Other Costs Next FY*	$0.00
11. Total Costs	$61,900.00	11. Est. Total Next FY*	$86,000.00
Date Cost Last Modified	8/28/2025 5:43 AM	Est. Fed Staff Support Next FY*
Federal Staff Support (FTE)*	0.30	Est Cost Remarks	Cost estimates for Fiscal Year 2026 are expected to be lower than previous years as planned meetings will be held on NIST campus; reducing meeting space, AV support costs, and travel for federal staff.
Cost Remarks	Costs were reduced for fiscal year 2025 as we held only two meetings virtually. No travel or meeting space cost incurred. Contract ended for transcription support after first meeting (November 2024).

Interest Areas

Category Area Business Industry Manufacturing Small Business Computer Technology Technology Applications Computers Information Technology Internet Semiconductors Systems Engineering Data Data Integrity Data Quality Privacy Government Federal Government Internal Federal Government Research Research and Development Science and Technology Innovation Science and Technology

Custom Links

Committee Level Reports