National Institute of Standards and Technology

News & Analysis as of

Congress Confirms NIST’s Role in Cybersecurity – and the Continuation of the Cybersecurity Framework

The Cybersecurity Enhancement Act of 2014 (CEA) was passed by the House and the Senate on December 11th, and signed by the President on the 18th. The bill formalizes the role of the National Institute for Standards and...more

Cybersecurity Legislation Focuses on Federal Government Initiatives – Leaves Private Sector Reforms for 2015

One of the few things the parties in Congress can agree upon these days is cybersecurity – at least when it comes to directing the federal government’s cyber activities. In its final days, the 113th Congress reached agreement...more

Congress Passes The Federal Information Security Modernization Act of 2014: Bringing Federal Agency Information Security into the...

The Federal Information Security Modernization Act of 2014 (FISMA) was passed by the Senate on December 8th, by the House on December 10th, and by the President on December 18th. It is a comprehensive bill intended to bring...more

An Update on the Cybersecurity Framework and Action Items for NIST

The National Institute of Standards and Technology (NIST) recently released an update on its Framework for Improving Critical Infrastructure Cybersecurity (The Framework). The Framework was first issued in February 2014 as a...more

Cyber-Breach & NISPOM Conforming Change 2 – It’s What’s on the Inside That Counts

Most companies are worried about external threats – things that are coming at their people, their group, their company, their government, all from an outside actor. Like government’s with an eye on counter-intelligence,...more

Interconnectivity And Information Sharing: Cause As Well As Cure for Cyber Attacks?

The modern day interconnected business creates a number of opportunities, but also brings with it massive issues relating to breach of privacy and data security in the form of cyber attacks, which cost companies and taxpayers...more

Privacy & Cybersecurity Update - November 2014

In This Issue: - EU Issues Guidelines on ‘Right to be Forgotten’ - FFIEC Observations on Bank Cybersecurity Provides Important Guidelines for Every Industry - Remarks by Comptroller Curry Highlight OCC...more

Shopping for the Cloud Made Easy – GSA’s Special Item Number Project for Cloud Computing and Request for Comments

On November 18, 2014, the General Services Administration (“GSA”) hosted an Industry Day seeking feedback on its proposal to add a Cloud Computing Special Item Number (“SIN”) on its IT Multiple Award Schedule 70 (“MAS...more

Cybersecurity Litigation Monthly Newsletter

In August, Paytime, Inc., a payroll services company, moved to dismiss a putative class action filed in the wake of a data breach in which the personal and financial information of more than 230,000 people was compromised. ...more

Just In Time for the Holidays: More Security Requirements From NIST

National Institute of Standards and Technology (NIST) has published draft recommendations aimed at securing the confidentiality of sensitive federal information located within non-federal entities’ information technology...more

NIST Draft Guide Advances the Debate on Cybersecurity Issues

Private sector entities looking to comment on the draft should focus on its recommendations surrounding sharing communities, standardized transfer mechanisms, and the handling of corporate legal considerations....more

The big data security risks of little things

We've focused so much about Big Brother and Big Data that we may be missing the real data security threat — little things. A tremendous data flow is being generated from the so-called Internet of Things, the interconnected...more

Intro to Cybersecurity Framework: New Mandatory NIST Standards for Government Contractors?

Cybersecurity remains one of the most important and least understood issues of the day. Last week, the National Institute of Standards and Technology (NIST) hosted a workshop in Tampa, Florida, to receive private sector...more

NIST Framework as Basis for Standard of Care for Cyber Security

When the National Institute of Standards and Technology (“NIST”) released its Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”), (a priority program for the federal Department of...more

SIFMA Issues Cybersecurity Regulatory Principles

Does everyone feel compelled to comment on cybersecurity issues? It seems that way. And on October 20th the Securities Industry and Financial Markets Association jumped deeper into the fray when it issued its Principles for...more

Government Conference Highlights Need for Protecting Health Information

The National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently highlighted the importance of protecting health information at the...more

A Different Kind of “Virus”: FDA Follows NIST Framework in Cybersecurity Guidance for Medical Devices

In past posts we’ve taken a close look at the Framework for Improving Critical Infrastructure Cybersecurity put forth by the National Institute of Standards and Technology (NIST), exploring its wide-ranging implications for...more

NIST RFI to Solicit Feedback on Cybersecurity Framework Closing: Good Opportunity to Assess Suggestions and Concerns

On Friday, October 10th, an opportunity to submit comments on a Request for Information concerning awareness and implementation of the “Framework for Improving Critical Infrastructure Cybersecurity” closes. Companies of all...more

Cliff Notes from the Joint OCR/NIST HIPAA Security Conference

As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance...more

Blog: OCR Rep Discusses HIPAA Violations, Enforcement Actions, and Upcoming Audit Program

Last week, the National Institute of Standards and Technology (“NIST”), in conjunction with the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”), hosted a conference entitled “Safeguarding Health...more

“LoProCo”, 12,915 Complaints, and Other Lessons from OCR/NIST

12,915 complaints were reported in 2013 to the Department of Health and Human Services Office of Civil Rights (“OCR”) according to Illiana L. Peters, Senior Adviser for HIPAA Compliance and Enforcement. Cozen O’Connor...more

NIST Vetting Guidance Valuable for Health Care Organizations Seeking to Use Third-Party Apps

The mobile app and wearables market in health care is booming, most recently evidenced by Apple’s entry into the market with its widely-anticipated “HealthKit,” a purportedly secure platform that allows mHealth apps to share...more

NIST Issues Draft Report Enumerating Risks and Protections to Consider When Evaluating Mobile Apps for Your Enterprise

As the world recovers from the excitement leading up to Tuesday’s Apple Live Event announcement of the new iPhone 6 and Apple Watch, mobile app developers are chomping at the bit to create software that leverages the new...more

Privacy & Cybersecurity Update - August 2014

In This Issue: - NIST Announces October Workshop and Releases Framewok Update - Insurance Company Succeeds in Cybersecurity Litigation - Safe Harbor Under Attack — This Time From a US Group -...more

NIST Seeks Comments on Cybersecurity Framework

The National Institute of Standards and Technology (NIST), publishers of the Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”) last February, have published a Request for Information in the...more

165 Results
|
View per page
Page: of 7