National Institute of Standards and Technology

The U.S. Department of Commerce’s National Institute of Standards and Technology recently announced that it is seeking public comment on Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The document is to be the first in a planned series of publications that will examine specific aspects of the IoT topic.
Continue Reading

On January 10, 2017, the National Institute of Standards and Technology released proposed updates to the Framework for Improving Critical Infrastructure Cybersecurity, which include a new section on cybersecurity measurement and refinements to better account for authentication, authorization and identity proofing.
Continue Reading

On January 4, 2017, the National Institute of Standards and Technology announced the final release of NISTIR 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems. NISTIR 8062 describes the concept of applying systems engineering practices to privacy and sets forth a model for conducting privacy risk assessments on federal systems.
Continue Reading

The National Highway Safety Administration (“NHTSA”) recently issued non-binding guidance that outlines best practices for automobile manufacturers to address automobile cybersecurity. The guidance, entitled Cybersecurity Best Practices for Modern Vehicles (the “Cybersecurity Guidance”), was recently previewed in correspondence with the House of Representatives’ Committee on Energy and Commerce (“Energy and Commerce Committee”).
Continue Reading

On October 14, 2016, the National Highway Transportation Administration indicated in a letter to Congress that it intends to issue new best practices on vehicle cybersecurity. This letter came in response to an earlier request from the House Committee on Energy and Commerce that NHTSA convene an industry-wide effort to develop a plan to address vulnerabilities posed to vehicles by On-Board Diagnostics ports.
Continue Reading