On March 19, 2020, the Irish Data Protection Authority published guidance to assist organizations in understanding their data security obligations and to mitigate their risks of a personal data breach when using cloud-based services.
Continue Reading
National Institute of Standards and Technology
NIST Releases Draft Privacy Framework
Posted on
Posted in Information Security, U.S. Federal Law
On September 6, 2019, the National Institute of Standards and Technology released a preliminary draft of its Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management.…
Continue Reading
NIST Issues Draft Cybersecurity Guidelines for Federal Contractors Holding Highly Sensitive Unclassified Information
Posted on
Posted in Information Security
The National Institute of Standards and Technology’s recently issued draft SP 800-171B guidelines. This blog entry provides an overview of the prospective changes. …
Continue Reading
NIST Seeks Public Comment on Managing Internet of Things Cybersecurity and Privacy Risks
Posted on
Posted in Cybersecurity, Information Security
The U.S. Department of Commerce’s National Institute of Standards and Technology recently announced that it is seeking public comment on Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The document is to be the first in a planned series of publications that will examine specific aspects of the IoT topic.…
Continue Reading
NIST Launches Privacy Framework Effort
Posted on
Posted in Cybersecurity, Information Security
On September 4, 2018, the Department of Commerce’s National Institute of Standards and Technology announced a collaborative project to develop a voluntary privacy framework to help organizations manage privacy risk.…
Continue Reading
GSA to Upgrade Cybersecurity Requirements
Posted on
Recently, the General Services Administration announced its plan to upgrade its cybersecurity requirements in an effort to build upon the Department of Defense’s new cybersecurity requirements that became effective on December 31, 2017.…
Continue Reading
NIST Releases Proposed Updates to Cybersecurity Framework
Posted on
Posted in Cybersecurity
On January 10, 2017, the National Institute of Standards and Technology released proposed updates to the Framework for Improving Critical Infrastructure Cybersecurity, which include a new section on cybersecurity measurement and refinements to better account for authentication, authorization and identity proofing. …
Continue Reading
NIST Releases Privacy Engineering and Risk Management Guidance for Federal Agencies
Posted on
Posted in Information Security
On January 4, 2017, the National Institute of Standards and Technology announced the final release of NISTIR 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems. NISTIR 8062 describes the concept of applying systems engineering practices to privacy and sets forth a model for conducting privacy risk assessments on federal systems. …
Continue Reading
NIST Issues Guidance on Cybersecurity for Internet-Connected Devices
Posted on
Posted in Cybersecurity, Information Security
On November 14, 2016, the National Institute of Standards and Technology published guidance on cybersecurity for internet-connected devices, Systems Security Engineering: Considerations for A Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. …
Continue Reading
NHTSA Releases New Automobile Cybersecurity Best Practices
Posted on
The National Highway Safety Administration (“NHTSA”) recently issued non-binding guidance that outlines best practices for automobile manufacturers to address automobile cybersecurity. The guidance, entitled Cybersecurity Best Practices for Modern Vehicles (the “Cybersecurity Guidance”), was recently previewed in correspondence with the House of Representatives’ Committee on Energy and Commerce (“Energy and Commerce Committee”).…
Continue Reading