On September 22, 2021, Secretary of Homeland Security Alejandro N. Mayorkas and Secretary of Commerce Gina Raimondo released a joint statement on the Department of Homeland Security’s issuance of preliminary Critical Infrastructure Control Systems Cybersecurity Performance Goals and Objectives. The Preliminary Goals identify nine overarching control system cybersecurity performance goals, each containing specific objectives to support the deployment and operation of secure control systems.
Continue Reading DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms
National Institute of Standards and Technology
UPDATE: New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Are Now in Effect
Posted on
On October 1, 2021, Connecticut’s two new data security laws went into effect. The new laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program.
Continue Reading UPDATE: New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Are Now in Effect
NIST Holds a Two-Day Public Workshop on Cybersecurity Labeling Programs for Internet of Things Devices and Software
Posted on
On September 14 and 15, 2021, the National Institute of Standards and Technology held a public workshop, as part of its effort to create a consumer labeling program to communicate the security capabilities of consumer Internet of Things devices and software development practices, as mandated by the Biden administration’s May 2021 Executive Order on Improving the Nation’s Cybersecurity. …
Continue Reading NIST Holds a Two-Day Public Workshop on Cybersecurity Labeling Programs for Internet of Things Devices and Software
New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021
Posted on
Connecticut recently passed two cybersecurity laws that will become effective on October 1, 2021. The newly passed laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program that complies with applicable state or federal law or industry-recognized security frameworks.
Continue Reading New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021
White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
Posted on
Posted in Cybersecurity, Information Security
On July 28, 2021, President Biden signed a National Security Memorandum that formally establishes an Industrial Control Systems Cybersecurity Initiative and directs the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Department of Commerce’s National Institute of Standards and Technology, in collaboration with other agencies, to develop and issue cybersecurity performance goals for critical infrastructure.
Continue Reading White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
NIST Publishes Proposed Principles for “Explainable” AI Systems
Posted on
Posted in General
On August 18, 2020, the U.S. National Institute of Standards and Technology published a draft report, Four Principles of Explainable Artificial Intelligence, which sets forth four proposed principles regarding the “explainability” of the decisions made by AI systems.
Continue Reading NIST Publishes Proposed Principles for “Explainable” AI Systems
Irish DPA Issues Guidance to Secure Cloud-Based Environments
Posted on
Posted in European Union, International
On March 19, 2020, the Irish Data Protection Authority published guidance to assist organizations in understanding their data security obligations and to mitigate their risks of a personal data breach when using cloud-based services.
Continue Reading Irish DPA Issues Guidance to Secure Cloud-Based Environments
NIST Releases Draft Privacy Framework
Posted on
Posted in Information Security, U.S. Federal Law
On September 6, 2019, the National Institute of Standards and Technology released a preliminary draft of its Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management.
Continue Reading NIST Releases Draft Privacy Framework
NIST Issues Draft Cybersecurity Guidelines for Federal Contractors Holding Highly Sensitive Unclassified Information
Posted on
Posted in Information Security
The National Institute of Standards and Technology’s recently issued draft SP 800-171B guidelines. This blog entry provides an overview of the prospective changes. …
Continue Reading NIST Issues Draft Cybersecurity Guidelines for Federal Contractors Holding Highly Sensitive Unclassified Information
NIST Seeks Public Comment on Managing Internet of Things Cybersecurity and Privacy Risks
Posted on
Posted in Cybersecurity, Information Security
The U.S. Department of Commerce’s National Institute of Standards and Technology recently announced that it is seeking public comment on Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The document is to be the first in a planned series of publications that will examine specific aspects of the IoT topic.
Continue Reading NIST Seeks Public Comment on Managing Internet of Things Cybersecurity and Privacy Risks