Tag Archives: NIST

GAO Releases New Vehicle Data Privacy Report

On August 28, 2017, the U.S. Government Accountability Office (“GAO”) publicly released a report regarding consumer privacy issues associated with the rapidly increasing number of cars that are “connected”—i.e., capable of wirelessly monitoring, collecting, and transmitting information about their internal and external environments.  The report examines four key issues: (1) the types of data collected … Continue Reading

NIST Releases Fifth Revision of Special Publication 800-53

By Susan Cassidy, Jenny Martin, and Catlin Meade The National Institute of Standards and Technology (“NIST”) released on August 15, 2017 its proposed update to Special Publication (“SP”) 800-53.  NIST SP 800-53, which was last revised in 2014, provides information security standards and guidelines, including baseline control requirements, for implementation on federal information systems under … Continue Reading

Insurance Coverage Issues for Cyber-Physical Risks

The recent National Institute of Standards and Technology (NIST) publication of cybersecurity guidance for the Internet of Things (IoT) is a useful reminder that hacking incidents can result not only in privacy breaches, but also in bodily injury or property damage — via critical infrastructure, medical devices and hospital equipment, networked home appliances, or even … Continue Reading

NIST Releases Cybersecurity Guidance for Internet of Things

On November 15, 2016, the National Institute of Standards and Technology (NIST) released its final guidance providing engineering-based solutions to protect cyber-physical systems and systems-of-systems, including the Internet of Things (IoT), against a wide range of disruptions, threats, and other hazards.  NIST Special Publication 800-160 (the “Guidance”) is the result of four years of research … Continue Reading

NIST Releases Cybersecurity Guide for Small Businesses

The National Institute of Standards and Technology (NIST) released guidance today designed to help small businesses improve their cybersecurity preparedness.  The document, Small Business Information Security: The Fundamentals, is based on NIST’s 2014 Framework for Improving Critical Infrastructure Cybersecurity, a widely used cybersecurity framework (Cybersecurity Framework).  For additional background on the Cybersecurity Framework, please see … Continue Reading

FTC Maps Its Cybersecurity Requirements to NIST Cybersecurity Framework Core Functions

By Catlin Meade and Jenny Martin On August 31, 2016 the FTC posted a blog addressing whether compliance with the NIST Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”) necessarily constitutes compliance with FTC cybersecurity practices. The FTC answers this question with a resounding “No” and specifically states:  “there’s really no such thing as ‘complying … Continue Reading

FTC Requests Comments on the Safeguards Rule

The Federal Trade Commission (“FTC” or “Commission”) is soliciting public comments on its Standards for Safeguarding Customer Information (“Safeguards Rule”) as part of the systematic review of all FTC rules and guides on a 10-year schedule.  The Safeguards Rule was promulgated by the Commission pursuant to the Gramm-Leach-Bliley Act’s (“GLBA”) directive for federal agencies to … Continue Reading

Obama Administration Releases Final Data Security Policy Principles and Framework for Its Precision Medicine Initiative

Last week, our colleague Shruti Barker published an article on the Inside Medical Devices Blog, discussing eight data security principles that companies participating in the Precision Medicine Initiative should aim to meet.  The Administration’s guidance document additionally recommends a basic framework that organizations collecting, storing, and sharing patient information should adopt as current best practices.  The … Continue Reading

NIST Releases Preliminary Cybersecurity Framework

Today the National Institute of Standards and Technology (“NIST”) issued a discussion draft of a “Preliminary Cybersecurity Framework.” Executive Order 13,636 on Improving Critical Infrastructure Cybersecurity tasked NIST with developing a “Cybersecurity Framework” “to reduce cyber risks to critical infrastructure.”  The Order specifies that the Framework must “provide a prioritized, flexible repeatable, performance-based, and cost-effective … Continue Reading

Senators Rockefeller and Thune Introduce “Cybersecurity Act of 2013”

In advanced of a July 25 Senate Commerce Committee hearing on “The Partnership Between NIST and the Private Sector: Improving Cybersecurity,” Chairman Jay Rockefeller (D-WV) and Ranking Member John Thune (R-SD) introduced the “Cybersecurity Act of 2013” (S. 1353). The bill avoids controversial topics such as information sharing and regulation of critical infrastructure cybersecurity and … Continue Reading

Covington Files Comments on Cybersecurity Incentives

Executive Order 13,636 on Improving Critical Infrastructure Cybersecurity directs the National Institute of Standards and Technology (“NIST”) to develop a Cybersecurity Framework  of standards, methodologies, and processes for addressing cybersecurity risk.  It also charges the Department of Homeland Security with developing a Critical Infrastructure Cybersecurity Program to promote adoption of the Cybersecurity Framework by critical … Continue Reading

NIST Announces Privacy Technology Grants

Recently, the National Institute of Standards and Technology (NIST) announced over $9 million in grants to five U.S. entities to develop technologies to “pilot identity solutions that increase confidence in online transactions, prevent identity theft, and provide individuals with more control over how they share their personal information.”  Funded projects will address issues including commerce, … Continue Reading

NIST Issues Guidelines on Public Cloud Security, Privacy

The U.S. Department of Commerce’s National Institute of Standards and Technology on Tuesday released a final version of its guidelines for how organizations — particularly federal agencies — should manage security and privacy concerns when considering the use of public cloud-computing services. Public cloud services, unlike private clouds, require users to store their data on … Continue Reading

NIST Releases Draft Roadmap for the U.S. Government’s Implementation of Cloud Technology

Last week, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released for public comment a draft roadmap for implementing cloud computing technology across U.S. government agencies.  The roadmap is intended to foster adoption of cloud computing by federal agencies, reduce uncertainty surrounding cloud computing by improving the information available to policymakers, and facilitate … Continue Reading

Privacy and Security Requirements for Handling Government Records Under Scrutiny

Government agencies maintain large quantities of information about individuals, covering everything from physical description to the person’s family life, property, political activity, employment history, criminal records, and health condition.  In a light of a recent finding that reports of information-security incidents at federal agencies have increased more than 650 percent over the past five years, … Continue Reading

Obama Administration Unveils Identity Ecosystem Vision

On Friday, the Obama Administration unveiled the final draft of its ambitious National Strategy for Trusted Identities in Cyberspace (NSTIC), which seeks to develop new and more secure systems for identity authentication online, creating  new “Identity Ecosystem.”  Secretary of Commerce Gary Locke as well as other officials unveiled the NSTIC (pronounced “en-stick”), which is signed … Continue Reading

Animation Explains National Strategy for Trusted Identities in Cyberspace

A few months ago, the Obama Administration introduced its National Strategy for Trusted Identities in Cyberspace (NSTIC), an ambitious proposal to implement public-private partnerships to implement a new mechanism for identity verification and information sharing online.  The plan has been controversial.  Although there have been many legitimate criticisms of the proposal, other objections, such as … Continue Reading
LexBlog