cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
s_t
Newcomer III

NIST resources are unavailable

Did anybody notice that US Dept of Commerce has ceased NIST operation and all online resources due to "lapse of budget funding"? I can't believe this is not a priority in such a situation...

9 Replies
Flyslinger2
Community Champion

I was a consultant to Commerce for PKI and was a victim of a two week shutdown with them right before Christmas a few years back.  Same story then. If you weren't essential personnel, which I wasn't, you were not working. Federal employees were guaranteed pay when they came back. Consultants and employees of contractors where not.

 

I have most of the NIST website offline especially all of the SP-8XX pdf's just for this reason.

rslade
Influencer II

> s_t (Viewer II) posted a new topic in Industry News on 12-27-2018 08:37 AM in

> Did anybody notice that US Dept of Commerce has ceased NIST operation and all
> online resources due to "lapse of budget funding"? I can't believe this is not a
> priority in such a situation...

That is completely bizarre.  Changing the site to say "we're not here" would, presumably, cost more than allowing it to run.  While the maintenance of the site has to be conducted over the long term, one would think that simply letting the current site stand for a few weeks would be the prudent thing to do in the circumstances.  One wonders if they were hit with an attack and had to shutter the site ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Flyslinger2
Community Champion

Or someone is not happy with Trump's politics and chooses this method to express themselves? 

Shannon
Community Champion


@Flyslinger2 wrote:

Or someone is not happy with Trump's politics and chooses this method to express themselves? 


 

If that's the case, it's a pity we all have to bear the costs...

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Baechle
Advocate I


@rslade wrote:


That is completely bizarre.  Changing the site to say "we're not here" would, presumably, cost more than allowing it to run.  While the maintenance of the site has to be conducted over the long term, one would think that simply letting the current site stand for a few weeks would be the prudent thing to do in the circumstances.  One wonders if they were hit with an attack and had to shutter the site ...


It's likely that the employees were directed to prepare these changes several days or weeks before the impending shutdown so that they could be turned on when needed.  During the last on-day shutdown I was considered non-essential, and I had to prepare voicemail messages and e-Mail "Out-of-Office" messages that identified why I was not available to agency customers. 

 

Taking the back-end databases and file repositories that host the documents offline is prudent so that they don't have to be cared for during the shutdown.  A "We're not here" message is a lot cleaner than just leaving the site up with broken links.

 

NIST publications and reports are still available at the Library of Congress archives.  The LOC is technically the official repository for those documents.  The portal on the NIST website was a convenient way of getting to pre-publication drafts and a mirror of the official releases.

 

- EB

CraginS
Defender I


@Flyslinger2 wrote:

Or someone is not happy with Trump's politics and chooses this method to express themselves? 


I fear Mark may be onto something. A quick check of several top level Departmental web sites directly affected by the shutdown shows the following:

Department of Justice, https://www.justice.gov/
Site is available, but static (unchanged content) with the following statement:

"Due to the lapse in appropriations, Department of Justice websites will not be regularly updated. The Department’s essential law enforcement and national security functions will continue. Please refer to the Department of Justice’s contingency plan for more information."

 

Department of Homeland Security, https://www.dhs.gov/

Site is available, but static (unchanged content) with the following statement:

"Due to the lapse in federal funding, this website will not be actively managed."

 

Department of Commerce, https://www.commerce.gov/

NOTE: this is the parent department for NIST.

Site is available, but static (unchanged content) with the following statement:

"Due to the lapse in Congressional Appropriations for Fiscal Year 2019, the U.S. Department of Commerce is closed. Commerce Department websites will not be updated until further notice. For more information, see Shutdown Due to Lapse of Congressional Appropriations."

 

However, when you go to the NIST site, https://www.nist.gov/

the situation is starkly different, with this message:

"NOTICE: Due to a lapse in government funding, this and almost all NIST-affiliated websites will be unavailable until further notice. Learn more
NIST websites for programs using non-appropriated funds (NVLAP and PSCR) or those that are excepted from the shutdown (such as NVD) will continue to be available and updated."

 

The NIST site managers appear to have taken a page from the Obama Administration during their big shutdown, where they went out of their way to close operations specifically to add pain to the general public. Actions at that time included putting up barriers on the National Mall to block access to the many memorials, including the World War II memorial, and to block the use of parking lots at the end of the George Washington Parkway to prevent visitors at Mount Vernon, which is NOT a government property and was not closed by the shutdown.

 

The fact that the NIST site was actively closed, rather than allowed to passively operate without update (as the DOJ, DHS, and Commerce sites did) does, indeed, suggest that malcontents in NIST went out of their way to cause pain.

 

Grandpa Rob @rslade is right.. it was lot more work to  close the entire site than to simply add a 'no one is home' sign to the home page, as DOJ, Commerce, and DHS did It is particularly noteworthy that Commerce did it right while NIST played the B$ game.

 

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Baechle
Advocate I

Dr. Shelton

 


@CraginS wrote:

The fact that the NIST site was actively closed, rather than allowed to passively operate without update (as the DOJ, DHS, and Commerce sites did) does, indeed, suggest that malcontents in NIST went out of their way to cause pain.

 

Grandpa Rob @rslade is right.. it was lot more work to  close the entire site than to simply add a 'no one is home' sign to the home page, as DOJ, Commerce, and DHS did It is particularly noteworthy that Commerce did it right while NIST played the B$ game.

That is an amazingly cynical statement.

 

First, here is the full collection of Special Publications from 1968 to the Present and practically every other document published by NIST, the CSD, and CSRC on the federal government’s official publication portal:

https://www.govinfo.gov/collection/nist

 

Second, if you do a bit of research on NIST, the CSD, and the CSRC you might eventually find that the CSRC is required to be contractor/industry operated by U.S. federal law since 2002:

https://www.govinfo.gov/content/pkg/PLAW-107publ305/pdf/PLAW-107publ305.pdf

 

Third, if you are aware of the requirements of shutdown’s impact on contractors you would know that they are basically required to not work, except to come in and shut down their operations as published in the 2017 Commerce Appropriations Lapse Plan:

https://www.commerce.gov/sites/default/files/2018-12/DOC%20Lapse%20Plan%20-%20OMB%20Approved%20-%20D...

 

The way contracts like this work, is it’s quite likely that the contracted “services” included providing the equipment that hosts the content.  It would basically be illegal for those servers to remain “up” and providing services that they’re not getting paid for; or at the least make the government liable to pay the contract provider for their use.

 

Sincerely,

 

Eric B.

 

 

dreastans
Newcomer III

This is ridiculous and is why I think that every person employed in the US should be paid to "shut down" when the government stops working.  Seriously, I am pretty sure our Congressmen and women aren't dying due to lack of funds just because they aren't showing up for a few sessions.


---
Andrea Stansbury- CISSP
CraginS
Defender I


@dreastans wrote:

 I am pretty sure our Congressmen and women aren't dying due to lack of funds just because they aren't showing up for a few sessions.


Andrea,

Congress is not affected by a "government shutdown," Members of Congress are still getting paid because they exempted themselves from any shutdown funds limit. Senators and Representatives are not meeting because they wanted to go on vacation.

See


Why are Trump and those in Congress still getting paid during the government shutdown?

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts