U.S Code last checked for updates: Nov 24, 2024
§ 272.
Establishment, functions, and activities
(a)
Establishment of National Institute of Standards and Technology
(b)
Functions of Secretary and Institute
The Secretary of Commerce (hereafter in this chapter referred to as the “Secretary”) acting through the Director of the Institute (hereafter in this chapter referred to as the “Director”) is authorized to serve as the President’s principal adviser on standards policy pertaining to the Nation’s technological competitiveness and innovation ability and to take all actions necessary and appropriate to accomplish the purposes of this chapter, including the following functions of the Institute—
(1)
to assist industry in the development of technology and procedures needed to improve quality, to modernize manufacturing processes, to ensure product reliability, manufacturability, functionality, and cost-effectiveness, and to facilitate the more rapid commercialization, especially by small- and medium-sized companies throughout the United States, of products based on new scientific discoveries in fields such as automation, electronics, advanced materials, biotechnology, and optical technologies;
(2)
to develop, maintain, and retain custody of the national standards of measurement, and provide the means and methods for making measurements consistent with those standards;
(3)
to facilitate standards-related information sharing and cooperation between Federal agencies and to coordinate the use by Federal agencies of private sector standards, emphasizing where possible the use of standards developed by private, consensus organizations;
(4)
to enter into and perform such contracts, including cooperative research and development arrangements and grants and cooperative agreements or other transactions, as may be necessary in the conduct of its work and on such terms as it may determine appropriate, in furtherance of the purposes of this chapter;
(5)
to provide United States industry, Government, and educational institutions with a national clearinghouse of current information, techniques, and advice for the achievement of higher quality and productivity based on current domestic and international scientific and technical development;
(6)
to assist industry in the development of measurements, measurement methods, and basic measurement technology;
(7)
to determine, compile, evaluate, and disseminate physical constants and the properties and performance of conventional and advanced materials when they are important to science, engineering, manufacturing, education, commerce, and industry and are not available with sufficient accuracy elsewhere;
(8)
to develop a fundamental basis and methods for testing materials, mechanisms, structures, equipment, and systems, including those used by the Federal Government;
(9)
to assure the compatibility of United States national measurement standards with those of other nations;
(10)
to cooperate with other departments and agencies of the Federal Government, with industry, with State and local governments, with the governments of other nations and international organizations, and with private organizations in establishing standard practices, codes, specifications, and voluntary consensus standards;
(11)
to advise government and industry on scientific and technical problems;
(12)
to invent, develop, and (when appropriate) promote transfer to the private sector of measurement devices to serve special national needs; and
(13)
to coordinate technical standards activities and conformity assessment activities of Federal, State, and local governments with private sector technical standards activities and conformity assessment activities, with the goal of eliminating unnecessary duplication and complexity in the development and promulgation of conformity assessment requirements and measures.
(c)
Implementation activities
In carrying out the functions specified in subsection (b), the Secretary, acting through the Director 1
1
 So in original. Probably should be followed by a comma.
may, among other things—
(1)
construct physical standards;
(2)
test, calibrate, and certify standards and standard measuring apparatus;
(3)
study and improve instruments, measurement methods, and industrial process control and quality assurance techniques;
(4)
cooperate with the States in securing uniformity in weights and measures laws and methods of inspection;
(5)
cooperate with foreign scientific and technical institutions to understand technological developments in other countries better;
(6)
prepare, certify, and sell standard reference materials for use in ensuring the accuracy of chemical analyses and measurements of physical and other properties of materials;
(7)
in furtherance of the purposes of this chapter, accept research associates, cash donations, and donated equipment from industry, and also engage with industry in research to develop new basic and generic technologies for traditional and new products and for improved production and manufacturing;
(8)
study and develop fundamental scientific understanding and improved measurement, analysis, synthesis, processing, and fabrication methods for chemical substances and compounds, ferrous and nonferrous metals, and all traditional and advanced materials, including processes of degradation;
(9)
investigate ionizing and nonionizing radiation and radioactive substances, their uses, and ways to protect people, structures, and equipment from their harmful effects;
(10)
determine the atomic and molecular structure of matter, through analysis of spectra and other methods, to provide a basis for predicting chemical and physical structures and reactions and for designing new materials and chemical substances, including biologically active macromolecules;
(11)
perform research on electromagnetic waves, including optical waves, and on properties and performance of electrical, electronic, and electromagnetic devices and systems and their essential materials, develop and maintain related standards, and disseminate standard signals through broadcast and other means;
(12)
develop and test standard interfaces, communication protocols, and data structures for computer and related telecommunications systems;
(13)
study computer systems (as that term is defined in section 278g–3(d) 2
2
 See References in Text note below.
of this title) and their use to control machinery and processes;
(14)
perform research to develop standards and test methods to advance the effective use of computers and related systems and to protect the information stored, processed, and transmitted by such systems and to provide advice in support of policies affecting Federal computer and related telecommunications systems;
(15)
on an ongoing basis, facilitate and support the development of a voluntary, consensus-based, industry-led set of standards, guidelines, best practices, methodologies, procedures, and processes to cost-effectively reduce cyber risks to critical infrastructure (as defined under subsection (e));
(16)
support information security measures for the development and lifecycle of software and the software supply chain, including development of voluntary, consensus-based technical standards, best practices, frameworks, methodologies, procedures, processes, and software engineering toolkits and configurations;
(17)
support information security measures, including voluntary, consensus-based technical standards, best practices, and guidelines, for the design, adoption, and deployment of cloud computing services;
(18)
support research, development, and practical application to improve the usability of cybersecurity processes and technologies;
(19)
facilitate and support the development of a voluntary, consensus-based set of technical standards, guidelines, best practices, methodologies, procedures, and processes to improve privacy protections in systems, technologies, and processes used by both the public and private sector;
(20)
support privacy measures, including voluntary, consensus-based technical standards, best practices, guidelines, metrology, and testbeds for the design, adoption, and deployment of privacy enhancing technologies;
(21)
perform research to support the development of voluntary, consensus-based, industry-led standards and recommendations on the security of computers, computer networks, and computer data storage used in election systems to ensure voters can vote securely and privately;
(22)
determine properties of building materials and structural elements, and encourage their standardization and most effective use, including investigation of fire-resisting properties of building materials and conditions under which they may be most efficiently used, and the standardization of types of appliances for fire prevention;
(23)
undertake such research in engineering, pure and applied mathematics, statistics, computer science, materials science, and the physical sciences as may be necessary to carry out and support the functions specified in this section;
(24)
host, participate in, and support scientific and technical workshops (as defined in section 202 of the American Innovation and Competitiveness Act);
(25)
collect and retain any fees charged by the Secretary for hosting a scientific and technical workshop described in paragraph (19); 2
(26)
notwithstanding title 31 of the United States Code, use the fees described in paragraph (20) 2 to pay for any related expenses, including subsistence expenses for participants;
(27)
compile, evaluate, publish, and otherwise disseminate general, specific and technical data resulting from the performance of the functions specified in this section or from other sources when such data are important to science, engineering, or industry, or to the general public, and are not available elsewhere;
(28)
collect, create, analyze, and maintain specimens of scientific value;
(29)
operate national user facilities;
(30)
evaluate promising inventions and other novel technical concepts submitted by inventors and small companies and work with other Federal agencies, States, and localities to provide appropriate technical assistance and support for those inventions which are found in the evaluation process to have commercial promise;
(31)
demonstrate the results of the Institute’s activities by exhibits or other methods of technology transfer, including the use of scientific or technical personnel of the Institute for part-time or intermittent teaching and training activities at educational institutions of higher learning as part of and incidental to their official duties; and
(32)
undertake such other activities similar to those specified in this subsection as the Director determines appropriate.
(d)
Management costs
(e)
Cyber risks
(1)
In general
In carrying out the activities under subsection (c)(15), the Director—
(A)
shall—
(i)
coordinate closely and regularly with relevant private sector personnel and entities, critical infrastructure owners and operators, and other relevant industry organizations, including Sector Coordinating Councils and Information Sharing and Analysis Centers, and incorporate industry expertise;
(ii)
consult with the heads of agencies with national security responsibilities, sector-specific agencies and other appropriate agencies, State and local governments, the governments of other nations, and international organizations;
(iii)
identify a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, that may be voluntarily adopted by owners and operators of critical infrastructure to help them identify, assess, and manage cyber risks;
(iv)
include methodologies—
(I)
to identify and mitigate impacts of the cybersecurity measures or controls on business confidentiality; and
(II)
to protect individual privacy and civil liberties;
(v)
incorporate voluntary consensus standards and industry best practices;
(vi)
align with voluntary international standards to the fullest extent possible;
(vii)
prevent duplication of regulatory processes and prevent conflict with or superseding of regulatory requirements, mandatory standards, and related processes;
(viii)
consider small business concerns (as defined in section 632 of this title);
(ix)
consider institutions of higher education (as such term is defined in section 1001 of title 20); and
(x)
include such other similar and consistent elements as the Director considers necessary; and
(B)
shall not prescribe or otherwise require—
(i)
the use of specific solutions;
(ii)
the use of specific information or communications technology products or services; or
(iii)
that information or communications technology products or services be designed, developed, or manufactured in a particular manner.
(2)
Limitation
(3)
Definitions
In this subsection:
(A)
Critical infrastructure
(B)
Sector-specific agency
(Mar. 3, 1901, ch. 872, § 2, 31 Stat. 1449; July 22, 1950, ch. 486, § 1, 64 Stat. 371; Pub. L. 92–317, § 3(b), June 22, 1972, 86 Stat. 235; Pub. L. 100–235, § 3(1), Jan. 8, 1988, 101 Stat. 1724; Pub. L. 100–418, title V, § 5112(a), Aug. 23, 1988, 102 Stat. 1428; Pub. L. 102–245, title II, § 201(e), Feb. 14, 1992, 106 Stat. 19; Pub. L. 104–113, § 12(a), (b), Mar. 7, 1996, 110 Stat. 782; Pub. L. 110–69, title III, §§ 3002(c)(2)(A), 3013(b), Aug. 9, 2007, 121 Stat. 586, 598; Pub. L. 113–274, title I, § 101(a), (b), Dec. 18, 2014, 128 Stat. 2972; Pub. L. 114–329, title I, § 104(b)(4), title II, §§ 202(d), 205(a)(2)(B), title IV, § 403, Jan. 6, 2017, 130 Stat. 2976, 2998, 3000, 3023; Pub. L. 115–236, § 2(b), Aug. 14, 2018, 132 Stat. 2444; Pub. L. 117–167, div. B, title II, §§ 10223, 10228, 10242(a), Aug. 9, 2022, 136 Stat. 1477, 1481, 1487.)
cite as: 15 USC 272