In addition, the guidelines will continue to evolve, Ross said. While the White House Office of Management and Budget will set up the timeline for agencies to comply with this third version of the NIST cybersecurity guidelines, NIST will continue to refine the recommendations, he said.

Housman acknowledged that budget is a big issue for federal agencies. And even though he said the NIST recommendations don't go far enough, he called them a "big step forward" from past efforts.

However, U.S. President Barack Obama, in a late May speech, called for an end to the cybersecurity status quo, Housman added.

"This is a sort of a status-quo plus, which I call hack and patch," he said. "We've become complacent. We accept the fact that there are going to be hacks, and they're going to be successful, and we're going to have to patch them."