National Institute of Standards and Technology

News & Analysis as of

DoD issues final rule on covered defense information clarifying contractor obligations

The US Department of Defense (DoD) issued a rule on Friday, October 21, 2016, finalizing its information security and cyber incident reporting requirements. The rule, Network Penetration Reporting and Contracting for Cloud...more

FFIEC Issues FAQs on the Cybersecurity Assessment Tool

On October 18, 2016, the Federal Financial Institutions Examination Council (FFIEC) issued answers to frequently asked questions (FAQs) to clarify points in FFIEC’s Cybersecurity Assessment Tool (Assessment). FFIEC released...more

FCC Wades Back Into Data Privacy and Security for ISPs With Revised Privacy Proposal

Recently, Federal Communications Commission (FCC or Commission) Chairman Tom Wheeler circulated to the Commission a revised proposed order to regulate the data privacy and security practices of internet service providers...more

NIST Extends Deadline for Comments to Mobile Device Infrastructure Guidance

All enterprises are struggling with the security risks posed by the use of mobile devices by employees. Companies want their employees to have easy access to information so that they can perform their job functions in an...more

Draft Cybersecurity Self-Assessment Tool Published

The National Institute of Standards and Technology (NIST) recently published a draft cybersecurity self-assessment tool entitled “The Baldrige Cybersecurity Excellence Builder,” which provides organizations with a tool to...more

New NIST Study Shows Risks of Security Fatigue

The National Institute of Standards and Technology (NIST) recently published a new article that finds that most typical computer users experience security fatigue that leads users to engage in risky behavior when they are at...more

GAO Study Slams HHS For Lack of Guidance to Covered Entities

We watch closely for any guidance to HIPAA covered entities and business associates from the Department of Health and Human Services Office for Civil Rights (HHS/OCR). Why? Because there is so little of it. Lately, the only...more

FTC: NIST Framework Not Automatic Compliance

In a recent blogpost the Federal Trade Commission made clear that a company does not necessarily meet its information obligations arising from Section 5 of the FTC Act through use of the National Institute of Standards and...more

The Cyber Regulation Drops

On September 13, 2016, Governor Andrew Cuomo announced the first proposed broadly applicable cyber regulation in the U.S. (the “Regulation”). The Regulation covers banks, insurance companies and other financial institutions...more

GAO Calls on HHS to Strengthen Electronic Health Info Security, Privacy Guidance and Oversight

In light of recent health information data breaches, the Government Accountability Office has issued a report examining whether HHS security and privacy guidance for electronic health records (EHRs) are consistent with...more

"Privacy & Cybersecurity Update - September 2016"

In this edition of our Privacy & Cybersecurity Update, we examine the Sixth Circuit's decision to allow injury-in-fact to be established by alleging a "substantial risk of harm" in a data breach case, New York state's...more

Blog: GAO Criticizes HHS In Health Information Cybersecurity Report

On Monday, the Government Accountability Office (“GAO”) released a report (the “Report”) criticizing the U.S. Department of Health and Human Services (“HHS”) security and privacy guidance and oversight in protecting...more

Bill Proposes Tax Incentives For Data Breach Insurance

On September 14, 2016, U.S. Representative Ed Perlmutter (D-Colo.) introduced the “Data Breach Insurance Act,” which would incentivize private industry to enhance its cybersecurity posture by providing federal income tax...more

The serious security vulnerabilities of mobile devices

If you have wondered about security threats to your mobile device, a recent report of the National Institute of Standards and Technology may answer some of your questions — and increase your fears. The report,...more

September Privacy and Security Updates

Although National Cyber Security Month isn’t until October, September has brought plenty of privacy and security updates that health care companies need to be aware of. In this post, we review guidance from the Office for...more

Advertising Law - September 2016 #2

FTC Gives Academic Journals a Failing Grade - The Federal Trade Commission recently filed suit against the publisher of online academic journals that the agency accused of deceiving academics and researchers. OMICS...more

Report Suggests Organizations Still Vulnerable to Credential Management and Network Segmentation Attacks

The Multi-State Information Sharing and Analysis Center (MS-ISAC) published its 2016 mid-year review on August 22, 2016, highlighting large incidents of malware infections, with particular emphasis on ransomware and click...more

FFIEC Provides Concrete Guidance on Setting Up Information Security Programs

The Federal Financial Institutions Examination Council (FFIEC)—the interagency body tasked with setting uniform principles and standards for the examination of financial institutions by federal prudential regulators,...more

FTC Round-Up: NIST Framework Compliance Is Not Enough and Looming Ransomware Enforcement Activity

On August 31st and September 7th, 2016, the Federal Trade Commission (FTC) provided guidance regarding cybersecurity standards, which companies should consider when assessing their current data security posture....more

FTC Makes Clear that NIST Cyber Framework is Not a Cure-All

Last week, the FTC published a blog post titled The NIST Cybersecurity Framework and the FTC, in which the agency issued a nuanced answer to an oft-asked question: “If I comply with the NIST Cybersecurity Framework, am I...more

Ransomware Prevention Highlighted at FTC Technology Workshop

The Federal Trade Commission kicked off its series of fall technology events with an afternoon workshop exploring ransomware on Wednesday, September 7. While malicious computer code is nothing new, infiltrating computer...more

NAIC Releases Draft of Revised Insurance Data Security Model Law for Review

The National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive...more

NAIC Released Revised Insurance Data Security Model Law Draft For Review

The National Association of Insurance Commissioners (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive...more

Federal Trade Commission Invites Comments on Gramm-Leach-Bliley Act (GLB) Safeguards Rule

‘Tis the season for listening. Joining a previous Presidential Commission invitation, the Federal Trade Commission (the FTC) is now seeking comments on the GLB Safeguards Rule. The GLB Safeguards Rule, which took effect in...more

FTC Seeks Public Comment on Safeguards Rule and Proposed Changes

On August 29, 2016, the FTC announced it is seeking public comment on its Safeguards Rule as part of a systematic review of all FTC rules and guides. The Safeguards Rule came into force in 2003 after the Gramm-Leach-Bliley...more
