The U.S. Department of Commerce’s National Institute of Standards and Technology recently announced that it is seeking public comment on Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The document is to be the first in a planned series of publications that will examine specific aspects of the IoT topic.
Continue Reading
National Institute of Standards and Technology
NIST Launches Privacy Framework Effort
Posted on
Posted in Cybersecurity, Information Security
On September 4, 2018, the Department of Commerce’s National Institute of Standards and Technology announced a collaborative project to develop a voluntary privacy framework to help organizations manage privacy risk.…
Continue Reading
GSA to Upgrade Cybersecurity Requirements
Posted on
Recently, the General Services Administration announced its plan to upgrade its cybersecurity requirements in an effort to build upon the Department of Defense’s new cybersecurity requirements that became effective on December 31, 2017.…
Continue Reading
NIST Releases Proposed Updates to Cybersecurity Framework
Posted on
Posted in Cybersecurity
On January 10, 2017, the National Institute of Standards and Technology released proposed updates to the Framework for Improving Critical Infrastructure Cybersecurity, which include a new section on cybersecurity measurement and refinements to better account for authentication, authorization and identity proofing. …
Continue Reading
NIST Releases Privacy Engineering and Risk Management Guidance for Federal Agencies
Posted on
Posted in Information Security
On January 4, 2017, the National Institute of Standards and Technology announced the final release of NISTIR 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems. NISTIR 8062 describes the concept of applying systems engineering practices to privacy and sets forth a model for conducting privacy risk assessments on federal systems. …
Continue Reading
NIST Issues Guidance on Cybersecurity for Internet-Connected Devices
Posted on
Posted in Cybersecurity, Information Security
On November 14, 2016, the National Institute of Standards and Technology published guidance on cybersecurity for internet-connected devices, Systems Security Engineering: Considerations for A Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. …
Continue Reading
NHTSA Releases New Automobile Cybersecurity Best Practices
Posted on
The National Highway Safety Administration (“NHTSA”) recently issued non-binding guidance that outlines best practices for automobile manufacturers to address automobile cybersecurity. The guidance, entitled Cybersecurity Best Practices for Modern Vehicles (the “Cybersecurity Guidance”), was recently previewed in correspondence with the House of Representatives’ Committee on Energy and Commerce (“Energy and Commerce Committee”).…
Continue Reading
NHTSA Set to Release New Automobile Cybersecurity Best Practices
Posted on
Posted in Cybersecurity
On October 14, 2016, the National Highway Transportation Administration indicated in a letter to Congress that it intends to issue new best practices on vehicle cybersecurity. This letter came in response to an earlier request from the House Committee on Energy and Commerce that NHTSA convene an industry-wide effort to develop a plan to address vulnerabilities posed to vehicles by On-Board Diagnostics ports. …
Continue Reading
NIST Survey Suggests Online Users Suffer from Security Fatigue
Posted on
Posted in Cybersecurity, Online Privacy
A recent study from the National Institute of Standards and Technology warns that an overabundance of computer security measures might actually lead users to engage in “risky computing behavior at work and in their personal lives.”…
Continue Reading
HHS Releases Guidance on Health Apps and HIPAA Security Rule Crosswalk
Posted on
Posted in Cybersecurity, Health Privacy
Recently, the U.S. Department of Health and Human Services Office for Civil Rights published guidance on the use of mobile health apps as well as a crosswalk that maps the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Framework to the HIPAA Security Rule.…
Continue Reading