The standards provision, added to the proposed Cyber Security Research and Development Act late last week by Sen. John Edwards, D-N.C., is a sticking point for industry groups, which say it could pose a threat to national security by encouraging the use of old technology.
The Business Software Alliance (BSA) and the Information Technology Association of America on Friday both issued letters arguing against the addition, which calls for the National Institute of Science and Technology (NIST) to establish security guidelines for federal agencies.
"The way (the provision) is written implies that NIST has to set forth a technical specification. If I were a NIST person looking at that, I would believe I was tasked with saying to agencies, 'You should have this software and this hardware,'" said Mario Correa, director of Internet and network security policy at the BSA.
The problem with specific technical standards, Correa said, is that they could quickly become outdated, posing security threats that could trickle down to private industry.
"Software developers aren't going to develop two or three variations on a product," he said. "If you have a purchaser as large as the federal government (buying one version), you're going to influence the market."
A representative for Sen. Ron Wyden, D-Ore., the bill's sponsor, said the senator has pledged to work with industry representatives to resolve their concerns.
The bill also authorizes more than $900 million for grants, training and education in computer security. The BSA and the Information Technology Association of America both said they support the rest of the legislation.
The Cyber Security Research and Development Act now heads to the full Senate for approval.
The bill is one of several proposed laws that deal with cybersecurity and homeland defense, including: