On September 9, 2022, the National Highway Traffic Safety Administration announced its publication of final Cybersecurity Best Practices for the Safety of Modern Vehicles.
Continue Reading NHTSA Publishes Final Cybersecurity Best Practices
National Institute of Standards and Technology
New California Legislation Adds to Existing Smart Device Labeling Requirements
On September 6, 2022, the California legislature presented Assembly Bill 2392 to Governor Gavin Newsom. AB-2392, which has not yet been signed by Governor Newsom, would allow Internet-connected device manufacturers to satisfy existing device labeling requirements by complying with National Institute of Standards and Technology standards for consumer Internet of Things products.
Continue Reading New California Legislation Adds to Existing Smart Device Labeling Requirements
NIST Publishes New Draft Guidance on HIPAA Security Rule
On July 21, 2022, the National Institute of Standards and Technology released an updated draft of its HIPAA Security Rule guidance. …
Continue Reading NIST Publishes New Draft Guidance on HIPAA Security Rule
DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms
On September 22, 2021, Secretary of Homeland Security Alejandro N. Mayorkas and Secretary of Commerce Gina Raimondo released a joint statement on the Department of Homeland Security’s issuance of preliminary Critical Infrastructure Control Systems Cybersecurity Performance Goals and Objectives. The Preliminary Goals identify nine overarching control system cybersecurity performance goals, each containing specific objectives to support the deployment and operation of secure control systems.
Continue Reading DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms
UPDATE: New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Are Now in Effect
On October 1, 2021, Connecticut’s two new data security laws went into effect. The new laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program.
Continue Reading UPDATE: New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Are Now in Effect
NIST Holds a Two-Day Public Workshop on Cybersecurity Labeling Programs for Internet of Things Devices and Software
On September 14 and 15, 2021, the National Institute of Standards and Technology held a public workshop, as part of its effort to create a consumer labeling program to communicate the security capabilities of consumer Internet of Things devices and software development practices, as mandated by the Biden administration’s May 2021 Executive Order on Improving the Nation’s Cybersecurity. …
Continue Reading NIST Holds a Two-Day Public Workshop on Cybersecurity Labeling Programs for Internet of Things Devices and Software
New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021
Connecticut recently passed two cybersecurity laws that will become effective on October 1, 2021. The newly passed laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program that complies with applicable state or federal law or industry-recognized security frameworks.
Continue Reading New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021
White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
On July 28, 2021, President Biden signed a National Security Memorandum that formally establishes an Industrial Control Systems Cybersecurity Initiative and directs the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Department of Commerce’s National Institute of Standards and Technology, in collaboration with other agencies, to develop and issue cybersecurity performance goals for critical infrastructure.
Continue Reading White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
NIST Publishes Proposed Principles for “Explainable” AI Systems
On August 18, 2020, the U.S. National Institute of Standards and Technology published a draft report, Four Principles of Explainable Artificial Intelligence, which sets forth four proposed principles regarding the “explainability” of the decisions made by AI systems.
Continue Reading NIST Publishes Proposed Principles for “Explainable” AI Systems
Irish DPA Issues Guidance to Secure Cloud-Based Environments
On March 19, 2020, the Irish Data Protection Authority published guidance to assist organizations in understanding their data security obligations and to mitigate their risks of a personal data breach when using cloud-based services.
Continue Reading Irish DPA Issues Guidance to Secure Cloud-Based Environments