National Institute of Standards and Technology Cybersecurity

News & Analysis as of

Comment period extended for NIST Cybersecurity Practice Guide

The National Institute of Standards and Technology has announced that due to stakeholder feed-back, the period to submit comments for the draft guide, “Securing Electronic Health Records on Mobile Devices” has been extended...more

SEC Settles Charges Against Investment Firm that Failed to Adopt Cybersecurity Policies Before Data Breach

Recently, the SEC announced that R.T. Jones Capital Equities Management, a St. Louis-based investment adviser, agreed to settle charges that it failed to establish the required cybersecurity policies and procedures before a...more

FTC v. Wyndham: The Third Circuit Recognizes FTC Authority to Regulate Commercial Cyber Security Practices

In 2014, the United States Court of Appeals for the Third Circuit ruling in FTC v. Wyndham Worldwide Corporation agreed to hear an immediate appeal on two issues: “whether the FTC has authority to regulate cybersecurity under...more

SEC’s OCIE Issues a Second Cybersecurity Risk Alert

On Sept. 15, 2015, the Securities Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) published its second cybersecurity risk alert (the “2015 Risk Alert”). The 2015 Risk Alert is a follow up to...more

SEC OCIE Sharpens Focus on Cybersecurity

If you read one thing... - On September 15th, the SEC OCIE announced in a Risk Alert it will launch a second round of cybersecurity examinations of registered broker-dealers and investment advisers, which will be more...more

Disclosure Of Numerous Hacks At The U.S. Department Of Energy Renews Cybersecurity Concerns In The Energy Sector

Records produced by the U.S. Department of Energy (“DOE”) to USA TODAY under a Freedom of Information Act request revealed over 150 successful cyber intrusions into DOE computer systems between 2010 and 2014. Concerns about...more

SEC Continues to Focus on Cybersecurity Risks

On September 15, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a risk alert regarding the SEC’s ongoing cybersecurity examinations of registered broker-dealers...more

Data Breach Response Planning: Laying the Right Foundation

Part of Bradley Arant’s Privacy and Information Security Team’s seven-part Data Breach Toolkit Webinar Series, the “Data Breach Response Planning: Laying the Right Foundation” webinar, led by Paige Boshell and Amy Leopard,...more

Incident Response Practice Tip: Balance Meeting Breach Notification Deadlines With Securing Your Network

State breach notification statutes are being amended on almost a monthly basis. Several laws have, or will soon have, a mandatory notification deadline for notifying affected individuals after the discovery of the incident....more

The OMB’s New Cybersecurity Guidance for Federal Contractors

Is Controlled Unclassified Information Out of Control? The OMB apparently thinks so. On August 11, 2015, the Obama administration, through the Office of Management and Budget (OMB), which is the largest office within the...more

Wyndham Opinion Affirms FTC’s Power to Regulate Cybersecurity Practices

On August 24, 2015, the Third Circuit affirmed the United States District Court for the District of New Jersey’s denial of a motion to dismiss in FTC v. Wyndham Worldwide Corp. In Wyndham, the Federal Trade Commission...more

Cybersecurity Update: National Futures Association Proposes Cybersecurity Guidance Setting Forth General Requirements for Member...

The National Futures Association (“NFA”) submitted to the Commodity Futures Trading Commission (“CFTC”) on August 28, 2015 a proposed Interpretive Notice (“Proposed Guidance”) for CFTC’s approval, which provides guidance to...more

NFA Proposes Cybersecurity Guidance for Derivatives Traders

On August 28, 2015, the National Futures Association (NFA) submitted a proposed interpretative notice (Notice) to the Commodity Futures Trading Commission (CFTC) to require information systems security programs (ISSPs). If...more

National Futures Association Proposes Cybersecurity Guidance for NFA Member Firms

NFA links NFA’s supervisory requirements with its proposed requirements mandating that NFA Members have information systems security programs. The National Futures Association (NFA) has proposed cybersecurity...more

Government Websites With Cybersecurity Tips & Information

As part of the government’s recent clarion call to improve our individual and collective cybersecurity posture, several federal and state agencies have released a variety of guidelines, frameworks, best practices and tips. ...more

FTC Can Regulate Cybersecurity Practices, Third Circuit Rules

The Federal Trade Commission (FTC) can regulate cybersecurity policies and procedures as “unfair” acts or practices under Section 5 of the FTC Act, the U.S. Court of Appeals for the Third Circuit has ruled in a very important...more

DoD New Cyber Security Reporting Rules for Contractors

In a move that highlights the changing winds of federal cybersecurity policy, the Department of Defense (“DoD”) has issued an interim Rule (“Rule”) that imposes new security and reporting requirements on federal contractors,...more

Security Frameworks 101: Which is Right for my Organization?

These days information security is on the minds of virtually all technology professionals and business executives alike. But how does an organization ensure that their security profile is adequate. It can certainly help to...more

FTC v. Wyndham: The Litigation Goes On, But Other Lessons To Learn

It’s fair to say that the opinion by the Third Circuit Court of Appeals in FTC v. Wyndham was a set-back for Wyndham, but for businesses it may be just the right wake-up call....more

Federal Appeals Court Recognizes for the First Time the FTC’s Authority to Enforce Cybersecurity Practices

On August 24, 2015, the Third Circuit Court of Appeals issued a much-awaited decision in FTC v. Wyndham Worldwide Corporation, holding that the Federal Trade Commission (FTC) has authority to regulate “unfair” or “deceptive”...more

NIST issues Cybersecurity Practice Guide for Electric Utilities

Yesterday, the National Cybersecurity Center of Excellence issued its NIST Cybersecurity Practice Guide, Draft Special Publication 1800-2 “Identity and Access Management for Electric Utilities.” The Guide is a result of...more

DoD's New Cybersecurity and Cloud Standards and Reporting Requirements

The Department of Defense (DoD) released interim rules implementing provisions of the 2013 and 2015 National Defense Authorization Acts. The rules, released on Aug. 26, 2015, are effective immediately and establish the...more

Defense Department Issues Interim Rule Requiring Contractor and Subcontractor Reporting of Cyber Incidents

On August 26, 2015, the Department of Defense (DoD) published a long-awaited Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to require “rapid” reporting of “cyber incidents” that result in...more

Not So Far Out: OMB Memo Indicates Cybersecurity FAR Clauses Are Coming Soon

On August 11, 2015, the Office of Management and Budget (“OMB”) released a draft policy memo entitled “Improving Cybersecurity Protections in Federal Acquisitions.” The purpose of the memo is to provide federal agencies with...more

The shifting sands of cybersecurity: DOD's interim rule further burdens contractors

The Department of Defense (DOD) earlier today issued an interim rule, effective immediately, that significantly increases existing cybersecurity requirements for DOD contractors. The requirements in the interim rule, have...more

205 Results
View per page
Page: of 9

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.