National Institute of Standards and Technology

News & Analysis as of

Healthcare Records Held Hostage: When ransomware attacks

Imagine for a moment that your hospital or physician practice suddenly cannot access its electronic medical records. There hasn’t been a natural disaster. No, instead you are inexplicably staring at a computer screen from an...more

NIST and FAIR develop tool to merge cybersecurity risk standards

One key issue when developing a cybersecurity protocol for your business is ensuring compliance with industry standards to protect your business and adequately address cybersecurity risks. Fail to comply with the standard for...more

Let’s talk about Networks of Things, baby. Let’s talk about you and me.

It is easy to see networks all around us. The printers at the office, your child’s videogame, the food ordering app on your phone, the fitness band or smart watch on your wrist, the electricity grid for your city, the...more

New FAA Legislation Expands Safety and Security Programs and Provides New Authorities for Drone Operators

Action Item: On July 15, 2016, President Obama signed into law H.R. 636, the FAA Extension, Safety, and Security Act of 2016 (“the Act,” Pub.L. 114-190). The Act extends the authorization of the Federal Aviation...more

NIST Recommends Against SMS as Second Authentication Factor

On July 29, Paul Grassi, the Senior Standards and Technology Advisor at the National Institute of Standards and Technology (NIST) posted an unusual blog regarding the new draft NIST Special Publication 800-63-3: Digital...more

White Paper Describes Nanotechnology-Inspired Grand Challenge for Future Computing

The White House Office of Science and Technology Policy (OSTP) announced on July 29, 2016, that federal agencies released a white paper describing the collective federal vision for the emerging and innovative solutions needed...more

Automotive Industry Organization Releases Recommended Cybersecurity Best Practices

Auto-ISAC is not alone in its efforts to address potential cybersecurity risks imposed by connected vehicles. As we have previously discussed, in 2015 legislators introduced the SPY Car Act, which requires automakers to meet...more

House Committee Asks NIST To Improve Cybersecurity For Retailers, Internet Of Things

On June 7, 2016, the House of Representatives’ Committee on Appropriations (the “Committee”) reported out a funding bill that would fund the National Institute of Standards and Technology (“NIST”) to work with the retail...more

DSS Revises Cybersecurity Requirements for Contractors Handling Classified Information

On May 18, 2016, Department Security Service (DSS) recently approved Change 2 (Change 2) to the National Industrial Security Program Operating Manual (NISPOM). Change 2 significantly revised Chapter 8 of the NISPOM relating...more

Coming to a Government Contract Near You: Mandatory Information Safeguarding Requirements

The government recently finalized a sweeping amendment to the Federal Acquisition Regulation (“FAR”) that will impose basic information system safeguarding requirements on many federal acquisitions, marking the latest in the...more

NAIC Task Force Continues Work on Insurance Data Security Model Law

On May 24 and 25, the National Association of Insurance Commissioners (the NAIC) Cybersecurity (EX) Task Force (the Task Force) hosted a meeting in which state insurance commissioners and interested parties were invited to...more

IAIS Secretary General Considers Path to International Cybersecurity Standard

Last week, the National Association of Insurance Commissioners (NAIC) hosted the 2016 NAIC International Insurance Forum. The Forum addressed topics such as the management of catastrophic disaster risks, industry perspectives...more

A New Cybersecurity Regime and a New Regulation to Mandate Secure Information Systems for Government Contractors

Congress has enacted a recent wave of legislation to address ongoing cybersecurity threats; the Executive Branch, on May 12, 2016, adopted new cybersecurity regulations; and other Federal initiatives are underway and will...more

FAR Information System Security Standards Rules Finalized

The U.S. federal government announced on May 16, 2016, new Federal Acquisition Regulation (FAR) rules that set high-level standards for the basic safeguarding of contractor information systems that process, store or transmit...more

Final Government Contractor Basic Data Security Rule Issued

On May 16, 2016, the Federal Acquisition Regulations (“FAR”) Council published the final FAR rule on Basic Safeguarding of Contractor Information Systems. The rule is intended to prescribe “the most basic level” of...more

Cybersecurity, Boards and Cyber-Board "Experts": Caution Should Rule

A continuing frequent question from public companies is how a board should be constituted to oversee cybersecurity. Many public companies foist this additional burden on the audit committee. Those large enough to have a...more

Health Update - April 2016 #2

How to Prepare for "Phase Two" HIPAA Compliance Audits: Tips on Getting Ready for Scrutiny - Editor's Note: Now that the Department of Health and Human Services (HHS) has announced that it is beginning the next round of...more

FTC Releases "Cheat Sheet" for Developing a Secure Mobile Health Application

The Federal Trade Commission (FTC), in partnership with other federal agencies, has released an online tool that provides developers legal guidance for the creation of mobile health applications (apps). Companies that are...more

Preparing Your Organization Today to Win Its Future (Possibly Inevitable) Cyber Lawsuit: Making Crown Jewels Out of Paper

One day in the not too distant future, your organization may be fighting to protect its balance sheet against high-stakes claims in a cyber tort trial. Arrayed against you will be the best of the class action plaintiff’s...more

Digital Health Care Alert: Is Your Health Care App subject to HIPAA? The U.S. Department of Health & Human Services’ Office for...

OCR’s Compliance Guidance for Health Care App Developers - The U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) recently provided guidance (in the form of six “real-life” scenarios) to help...more

How Recent Cybersecurity Government Publications Impact HIPAA Security Compliance and the New Audit Initiative

Cybersecurity Impacts on HIPAA Security Compliance and the New Audit Initiative - New Audit Initiative Items to Watch - While The HHS Office for Civil Rights recently announced its intent to perform a second...more

NIST Framework Adoption Linked To Higher Security Confidence

A recent market survey of 338 IT and security professionals has revealed that adoption of the U.S. National Institute of Standards and Technology (“NIST”) Framework for Improving Critical Infrastructure Cybersecurity has led...more

Cyber Security IMPOSSIBLE: California AG Decides a Ceiling is a Floor

We all know why selecting appropriate data security standards is difficult. No two businesses are the same. Different businesses have different assets to protect and different bank accounts to tap. Different sized businesses...more

Fiduciary Regulation and How Recent Cybersecurity Government Publications Impact HIPAA Security Compliance and the New Audit...

Fiduciary Regulation - The Office of Management and Budget released the final Fiduciary or Conflict of Interest regulation and related prohibited transaction exemption modifications from its review today. The next...more

New Guidance Maps HIPAA Security Rule to NIST Cybersecurity Framework to Help Providers Manage Cybersecurity Risk

In a world of looming data breaches and significant penalties for the release of protected health information, the complexities of cybersecurity and compliance with the HIPAA Security Rule can be incredibly daunting. In 2014,...more
