Connecticut recently passed two cybersecurity laws that will become effective on October 1, 2021. The newly passed laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program that complies with applicable state or federal law or industry-recognized security frameworks.
Continue Reading New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021
National Institute of Standards and Technology
White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
Posted on
Posted in Cybersecurity, Information Security
On July 28, 2021, President Biden signed a National Security Memorandum that formally establishes an Industrial Control Systems Cybersecurity Initiative and directs the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Department of Commerce’s National Institute of Standards and Technology, in collaboration with other agencies, to develop and issue cybersecurity performance goals for critical infrastructure.
Continue Reading White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
NIST Publishes Proposed Principles for “Explainable” AI Systems
Posted on
Posted in General
On August 18, 2020, the U.S. National Institute of Standards and Technology published a draft report, Four Principles of Explainable Artificial Intelligence, which sets forth four proposed principles regarding the “explainability” of the decisions made by AI systems.
Continue Reading NIST Publishes Proposed Principles for “Explainable” AI Systems
Irish DPA Issues Guidance to Secure Cloud-Based Environments
Posted on
Posted in European Union, International
On March 19, 2020, the Irish Data Protection Authority published guidance to assist organizations in understanding their data security obligations and to mitigate their risks of a personal data breach when using cloud-based services.
Continue Reading Irish DPA Issues Guidance to Secure Cloud-Based Environments
NIST Releases Draft Privacy Framework
Posted on
Posted in Information Security, U.S. Federal Law
On September 6, 2019, the National Institute of Standards and Technology released a preliminary draft of its Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management.
Continue Reading NIST Releases Draft Privacy Framework
NIST Issues Draft Cybersecurity Guidelines for Federal Contractors Holding Highly Sensitive Unclassified Information
Posted on
Posted in Information Security
The National Institute of Standards and Technology’s recently issued draft SP 800-171B guidelines. This blog entry provides an overview of the prospective changes. …
Continue Reading NIST Issues Draft Cybersecurity Guidelines for Federal Contractors Holding Highly Sensitive Unclassified Information
NIST Seeks Public Comment on Managing Internet of Things Cybersecurity and Privacy Risks
Posted on
Posted in Cybersecurity, Information Security
The U.S. Department of Commerce’s National Institute of Standards and Technology recently announced that it is seeking public comment on Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The document is to be the first in a planned series of publications that will examine specific aspects of the IoT topic.
Continue Reading NIST Seeks Public Comment on Managing Internet of Things Cybersecurity and Privacy Risks
NIST Launches Privacy Framework Effort
Posted on
Posted in Cybersecurity, Information Security
On September 4, 2018, the Department of Commerce’s National Institute of Standards and Technology announced a collaborative project to develop a voluntary privacy framework to help organizations manage privacy risk.
Continue Reading NIST Launches Privacy Framework Effort
GSA to Upgrade Cybersecurity Requirements
Posted on
Recently, the General Services Administration announced its plan to upgrade its cybersecurity requirements in an effort to build upon the Department of Defense’s new cybersecurity requirements that became effective on December 31, 2017.
Continue Reading GSA to Upgrade Cybersecurity Requirements
NIST Releases Proposed Updates to Cybersecurity Framework
Posted on
Posted in Cybersecurity
On January 10, 2017, the National Institute of Standards and Technology released proposed updates to the Framework for Improving Critical Infrastructure Cybersecurity, which include a new section on cybersecurity measurement and refinements to better account for authentication, authorization and identity proofing. …
Continue Reading NIST Releases Proposed Updates to Cybersecurity Framework