National Institute of Standards and Technology

News & Analysis as of

FTC v. Wyndham: The Litigation Goes On, But Other Lessons To Learn

It’s fair to say that the opinion by the Third Circuit Court of Appeals in FTC v. Wyndham was a set-back for Wyndham, but for businesses it may be just the right wake-up call....more

Federal Appeals Court Recognizes for the First Time the FTC’s Authority to Enforce Cybersecurity Practices

On August 24, 2015, the Third Circuit Court of Appeals issued a much-awaited decision in FTC v. Wyndham Worldwide Corporation, holding that the Federal Trade Commission (FTC) has authority to regulate “unfair” or “deceptive”...more

NIST issues Cybersecurity Practice Guide for Electric Utilities

Yesterday, the National Cybersecurity Center of Excellence issued its NIST Cybersecurity Practice Guide, Draft Special Publication 1800-2 “Identity and Access Management for Electric Utilities.” The Guide is a result of...more

DoD's New Cybersecurity and Cloud Standards and Reporting Requirements

The Department of Defense (DoD) released interim rules implementing provisions of the 2013 and 2015 National Defense Authorization Acts. The rules, released on Aug. 26, 2015, are effective immediately and establish the...more

Defense Department Issues Interim Rule Requiring Contractor and Subcontractor Reporting of Cyber Incidents

On August 26, 2015, the Department of Defense (DoD) published a long-awaited Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to require “rapid” reporting of “cyber incidents” that result in...more

Not So Far Out: OMB Memo Indicates Cybersecurity FAR Clauses Are Coming Soon

On August 11, 2015, the Office of Management and Budget (“OMB”) released a draft policy memo entitled “Improving Cybersecurity Protections in Federal Acquisitions.” The purpose of the memo is to provide federal agencies with...more

The shifting sands of cybersecurity: DOD's interim rule further burdens contractors

The Department of Defense (DOD) earlier today issued an interim rule, effective immediately, that significantly increases existing cybersecurity requirements for DOD contractors. The requirements in the interim rule, have...more

New Guidance for Financial Institution Directors and Officers In Cybersecurity Preparedness

Earlier this summer, the Federal Financial Institutions Examination Council (FFIEC) released its highly anticipated Cybersecurity Assessment Tool (Assessment), which is designed to assist financial institutions in identifying...more

NIST Publishes Cybersecurity Standards Objectives

The National Institute of Standards and Technology has published a draft of its objectives for cybersecurity standardization, following in many ways the consultative model that it used successfully in drafting the NIST...more

NIST draft report: international cybersecurity standardization needed

An interagency working group led by The National Institute of Standards and Technology (NIST) and The Department of Commerce recently published a draft report (the “Report”) recommending that the U.S. government increase its...more

NIST Guide Highlights Cybersecurity Considerations for Utilities and Manufacturing Companies

In 2013 alone, the U.S. Department of Homeland Security (DHS) and its Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to more than 256 cyber-incident reports—more than half of them in the energy...more

OMB Issues Guidance on Government Contractors’ Cybersecurity Systems

The Office of Management and Budget (OMB) released a draft guidance document on Aug. 11, 2015, titled “Improving Cybersecurity Protection in Federal Acquisitions” (the “OMB Guidance”). The OMB Guidance instructs agencies on...more

NIST Releases Draft Cybersecurity Practice Guide For Electronic Health Records

On July 22, the National Cybersecurity Center of Excellence (“NCCoE”), a U.S. government organization formed in 2012 within the National Institute of Standards and Technology (“NIST”), released a draft Cybersecurity Practice...more

New NIST Guide Advises Healthcare Companies on Securing Patient Health Information on Mobile Devices

In response to a growing demand for cybersecurity guidance in the health care industry, the National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence, recently published a...more

NIST Issues Draft Guidance for Mobile Health Data

With health care breaches constantly on the rise, increasing access to electronic health records (EHRs) from mobile devices, and more prevalent “shadow” cloud use, health care organizations are getting a bit of help from the...more

NIST releases draft guide for use of mobile devices for medical providers

The National Institute of Standards and Technology (NIST) cybersecurity center released a draft guide last week for health IT professionals to use to bolster security for the use of mobile devices in the health care industry....more

Cyber Risk Governance in the Digital Age

It has taken a while for companies to realize the value of digital assets, and it is also taking a while for companies to digest the significance of digital risks. In the digital economy, virtually all aspects of business...more

Higher Education Institutions Increasingly Falling Victim to Cyberattacks

Higher education institutions are treasure troves for hackers. Colleges and universities are huge repositories of research data, sensitive information for large populations of applicants and enrolled students (personal,...more

FERC, NERC and Business Blackout: New CIP Standards and Fictional Cyber Attacks

The Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR) July 16, 2015, proposing to approve various Critical Infrastructure Protection (CIP) reliability standards proposed by the North...more

DOJ Cracks Down on Cyber Criminals

The Department of Justice (DOJ) recently announced the largest coordinated international law enforcement effort ever directed at an online cyber-criminal forum. Financial institutions and other companies should consider...more

Department of Education requests emergency review of Guaranty Agencies’ security over student financial aid information

On July 16, 2015, the Department of Education issued a request through notice to the Office of Management and Budget (OMB) for emergency clearance so that Federal Student Aid (FSA) can initiate a formal security assessment...more

Actions Foreshadow Uniform Cybersecurity Regulations for Federal Contractors - Two Recent Executive Agency Actions Lay the...

Federal government contractors handling Controlled Unclassified Information (CUI) should take notice of two recent executive agency actions. Combined, they lay the groundwork for a new cybersecurity clause to be added to the...more

FFIEC Cybersecurity Assessment Tool: Not Just For Financial Institutions

On June 30, 2015, the Federal Financial Institutions Examination Council (FFIEC) released its long anticipated Cybersecurity Assessment Tool (press release here). The FFIEC is a formal interagency organization empowered to...more

FFIEC’s Cybersecurity Assessment Tool: Guidance for CEOs and Boards - Senior Management and Boards Should Be Actively Addressing...

The Federal Financial Institutions Examination Council (FFIEC) released a Cybersecurity Assessment Tool (CAT) on June 30, 2015, to assist organizations in identifying cyber risks and assessing their cybersecurity...more

FFIEC’s Cybersecurity Assessment Tool: Guidance for CEOs and Boards - Senior Management and Boards Should Be Actively Addressing...

The Federal Financial Institutions Examination Council (FFIEC) released a Cybersecurity Assessment Tool (CAT) on June 30, 2015, to assist organizations in identifying cyber risks and assessing their cybersecurity...more

214 Results
|
View per page
Page: of 9

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×