Tag Archives: National Institute of Standards and Technology

Do You Have “Security Fatigue”?

Every day it seems a new data security breach has occurred, a new “cyber hack” is in the news…making us run to our phones, computers, bank accounts, you name it, to see if we could be the “one” affected. As a result, more and more online transactions, websites, financial institutions, for work or personal, require … Continue Reading

NIST Updates Digital Identity Guidelines for Federal Agencies

This month, the National Institute of Standards and Technology (NIST) announced in a Bulletin that it has updated its Digital Identity Guidelines, which “provides agencies with technical guidelines regarding the digital authentication of users to federal networked systems.” The Bulletin outlines the components of digital identity—identity proofing, authentication and federation for federal agencies to use … Continue Reading

NIST Releases Update to Cybersecurity Framework

The National Institute of Standards and Technology (NIST) has issued an update to its Framework for Improving Critical Infrastructure Cybersecurity, which includes information relating to managing supply chain risks, measuring methodology and reducing cybersecurity risks to organizations. The new guidance includes feedback that NIST has received following the release of the Framework in 2012, as … Continue Reading

NIST Releases Guidance on Internet of Things

The National Institute of Standards and Technology (NIST) recently released guidance for the makers of devices that use or are connected to the Internet to build robust security measures into the design of products from the get-go. The Guidance, NIST Special Publication 800-160, is the culmination of four years of research, and focuses on the engineering … Continue Reading

New Cybersecurity Profile Issued for Maritime Industry on Transfer of Hazardous Liquids in Ports

The National Institute of Standards and Technology (NIST) has teamed up with the United States Coast Guard (USCG) and private industry to issue a new cybersecurity document that will assist the maritime industry in securing the transportation of hazardous liquids in ports around the United States. The document is in response to the recognition that the … Continue Reading

DOT Issues Proposed Cybersecurity Guidance for Auto Industry

On Monday, October 24, 2016, the Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) issued proposed cybersecurity guidance to the auto industry, including auto manufacturers and designers and manufacturers of vehicle systems and software, designed to assist the industry in developing best practices to safeguard vehicles’ systems against cyber-attacks and to protect the data … Continue Reading

Draft Cybersecurity Self-Assessment Tool Published

The National Institute of Standards and Technology (NIST) recently published a draft cybersecurity self-assessment tool entitled “The Baldrige Cybersecurity Excellence Builder,” which provides organizations with a tool to determine their security maturity level. According to the guide, it will assist organizations to: Determine cybersecurity-related activities that are important to business strategy and the delivery of … Continue Reading

NIST Extends Deadline for Comments to Mobile Device Infrastructure Guidance

All enterprises are struggling with the security risks posed by the use of mobile devices by employees. Companies want their employees to have easy access to information so that they can perform their job functions in an efficient and easy way, yet allowing easy access to company data through mobile devices is a security professional’s nightmare. … Continue Reading

The Cyber Regulation Drops

On September 13, 2016, Governor Andrew Cuomo announced the first proposed broadly applicable cyber regulation in the U.S. (the “Regulation”). The Regulation covers banks, insurance companies and other financial institutions (Covered Entities) regulated by the New York Department of Financial Services (the “DFS”). The Regulation is tightly focused, but with broad reach. It appears to … Continue Reading

NAIC Released Draft of Revised Insurance Data Security Model Law for Review

The National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive standards… for data security and investigation and notification of a data breach” for “any person or entity licensed, authorized to operate, or … Continue Reading

NIST Recommends against SMS as Second Authentication Factor

On July 29, Paul Grassi, the Senior Standards and Technology Advisor at the National Institute of Standards and Technology (NIST) posted an unusual blog regarding the new draft NIST Special Publication 800-63-3: Digital Authentication Guideline. The main issue that has created significant commentary by the press and businesses is NIST’s “deprecation” of using SMS (text messages) … Continue Reading

NIST seeks comments on randomness to protect sensitive information

The National Institute of Standards and Technology (NIST) announced last week that it is seeking comments on its draft publication “Recommendation for the Entropy Sources Used for Random Bit Generation.” What does this mean in layman’s terms? Basically, in order to protect private messages, cryptography is used to encrypt the messages into a form that cannot … Continue Reading

NIST seeks comments on Cybersecurity Framework

The National Institute of Standards and Technology (NIST) developed and issued its voluntary “Framework for Improving Critical Infrastructure Cybersecurity” (Framework) in response to a 2013 Executive Order in February of 2014. It was developed in collaboration with industry, academia and state and federal government officials. It has been widely praised and used as a valuable … Continue Reading

NIST issues Draft Framework for Cyber-Physical System

On September 18, 2015, the National Institute of Standards and Technology (NIST) issued its draft Framework for Cyber-Physical Systems (CPS), which is “intended to provide a methodology for understanding, designing and building CPS including those with multiple applications.” CPS are smart systems that interact between physical and computational components. These interconnected and integrated systems “can … Continue Reading

NIST draft report: international cybersecurity standardization needed

An interagency working group led by The National Institute of Standards and Technology (NIST) and The Department of Commerce recently published a draft report (the Report) recommending that the U.S. government increase its efforts to develop international cybersecurity standards by coordinating with other governments and the private sector. Historically, U.S. standard setting efforts have been … Continue Reading

NIST releases draft guide for use of mobile devices for medical providers

The National Institute of Standards and Technology (NIST) cybersecurity center released a draft guide last week for health IT professionals to use to bolster security for the use of mobile devices in the health care industry. The use of smartphones and other mobile devices has exploded in the health care industry and according … Continue Reading