The National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive standards… for data security and investigation and notification of a data breach” for “any person or entity licensed, authorized to operate, or registered” pursuant to state insurance laws. The Model Law was first released in April of this year and received over 40 comments from trade associations, market participants and regulators. This week, at the NAIC National Summer Meeting, the Task Force met with interested parties to discuss comments on this new draft and written comments to the Model Law may be submitted by September 16, 2016.
Continue Reading NAIC Released Draft of Revised Insurance Data Security Model Law for Review
National Institute of Standards and Technology
NIST Recommends against SMS as Second Authentication Factor
By Richard Borden on
Posted in Cybersecurity
On July 29, Paul Grassi, the Senior Standards and Technology Advisor at the National Institute of Standards and Technology (NIST) posted an unusual blog regarding the new draft NIST Special Publication 800-63-3: Digital Authentication Guideline. The main issue that has created significant commentary by the press and businesses is NIST’s “deprecation” of using SMS…
NIST seeks comments on randomness to protect sensitive information
By Linn Foster Freedman on
Posted in Data Privacy
The National Institute of Standards and Technology (NIST) announced last week that it is seeking comments on its draft publication “Recommendation for the Entropy Sources Used for Random Bit Generation.” What does this mean in layman’s terms? Basically, in order to protect private messages, cryptography is used to encrypt the messages into a…
NIST seeks comments on Cybersecurity Framework
By Linn Foster Freedman on
Posted in Cybersecurity
The National Institute of Standards and Technology (NIST) developed and issued its voluntary “Framework for Improving Critical Infrastructure Cybersecurity” (Framework) in response to a 2013 Executive Order in February of 2014. It was developed in collaboration with industry, academia and state and federal government officials. It has been widely praised and used as a valuable…
NIST issues Draft Framework for Cyber-Physical System
By Linn Foster Freedman on
Posted in Cybersecurity, Internet of Things
On September 18, 2015, the National Institute of Standards and Technology (NIST) issued its draft Framework for Cyber-Physical Systems (CPS), which is “intended to provide a methodology for understanding, designing and building CPS including those with multiple applications.” CPS are smart systems that interact between physical and computational components. These interconnected and integrated systems “can…
NIST draft report: international cybersecurity standardization needed
By Kathleen Porter on
Posted in Cybersecurity
An interagency working group led by The National Institute of Standards and Technology (NIST) and The Department of Commerce recently published a draft report (the Report) recommending that the U.S. government increase its efforts to develop international cybersecurity standards by coordinating with other governments and the private sector.
Historically, U.S. standard setting efforts have been…
NIST releases draft guide for use of mobile devices for medical providers
By Linn Foster Freedman on
Posted in Health Information Privacy
The National Institute of Standards and Technology (NIST) cybersecurity center released a draft guide last week for health IT professionals to use to bolster security for the use of mobile devices in the health care industry. The use of smartphones and other mobile devices have exploded in use in the health care industry and according…