Tag Archives: National Institute of Standards and Technology

GSA to Upgrade Cybersecurity Requirements

Recently, the General Services Administration announced its plan to upgrade its cybersecurity requirements in an effort to build upon the Department of Defense’s new cybersecurity requirements that became effective on December 31, 2017.… Continue Reading

NIST Releases Proposed Updates to Cybersecurity Framework

On January 10, 2017, the National Institute of Standards and Technology released proposed updates to the Framework for Improving Critical Infrastructure Cybersecurity, which include a new section on cybersecurity measurement and refinements to better account for authentication, authorization and identity proofing. … Continue Reading

NIST Releases Privacy Engineering and Risk Management Guidance for Federal Agencies

On January 4, 2017, the National Institute of Standards and Technology announced the final release of NISTIR 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems. NISTIR 8062 describes the concept of applying systems engineering practices to privacy and sets forth a model for conducting privacy risk assessments on federal systems. … Continue Reading

NHTSA Releases New Automobile Cybersecurity Best Practices

The National Highway Safety Administration (“NHTSA”) recently issued non-binding guidance that outlines best practices for automobile manufacturers to address automobile cybersecurity. The guidance, entitled Cybersecurity Best Practices for Modern Vehicles (the “Cybersecurity Guidance”), was recently previewed in correspondence with the House of Representatives’ Committee on Energy and Commerce (“Energy and Commerce Committee”).… Continue Reading

NHTSA Set to Release New Automobile Cybersecurity Best Practices

On October 14, 2016, the National Highway Transportation Administration indicated in a letter to Congress that it intends to issue new best practices on vehicle cybersecurity. This letter came in response to an earlier request from the House Committee on Energy and Commerce that NHTSA convene an industry-wide effort to develop a plan to address vulnerabilities posed to vehicles by On-Board Diagnostics ports. … Continue Reading

HHS Releases Guidance on Health Apps and HIPAA Security Rule Crosswalk

Recently, the U.S. Department of Health and Human Services Office for Civil Rights published guidance on the use of mobile health apps as well as a crosswalk that maps the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Framework to the HIPAA Security Rule.… Continue Reading

Data Security Act Introduced in New York State Assembly

On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. The Data Security Act also expands the scope of New York’s breach notification law.… Continue Reading

Centre’s Risk Workshop II in Brussels Emphasizes that Risk-Based Approach to Privacy Does Not Change Legal Obligations but Helps Calibrate Their Effective Implementation

On November 18, 2014, the Centre for Information Policy Leadership at Hunton & Williams held the second workshop in its ongoing work on the risk-based approach to privacy and a Privacy Risk Framework. Approximately 70 Centre members, privacy regulators and other privacy experts met in Brussels to discuss the benefits and challenges of the risk-based approach, operationalizing risk assessments within organizations, and employing risk analysis in enforcement. … Continue Reading

Hunton Global Privacy Update – March 2014

On March 18, 2014, the Hunton and Williams' Global Privacy and Cybersecurity practice group hosted the latest webcast in its Hunton Global Privacy Update series. This blog post provides a link to a recording of the session and previous updates.… Continue Reading

NIST Releases Final Cybersecurity Framework

On February 12, 2014, the National Institute of Standards and Technology issued the final Cybersecurity Framework, as required under Section 7 of the Obama Administration's February 2013 Executive Order, Improving Critical Infrastructure Cybersecurity. This blog entry highlights the final Framework and offers comparisons to the preliminary framework released in October of last year.… Continue Reading

Hunton Global Privacy Update – January 2014

On January 21, 2014, the Hunton and Williams Global Privacy and Cybersecurity practice group hosted the latest webcast in its Hunton Global Privacy Update series. This blog post provides a link to a recording of the session and previous updates. … Continue Reading
LexBlog