Tag Archives: NIST

Do You Have “Security Fatigue”?

Every day it seems a new data security breach has occurred, a new “cyber hack” is in the news…making us run to our phones, computers, bank accounts, you name it, to see if we could be the “one” affected. As a result, more and more online transactions, websites, financial institutions, for work or personal, require …

Privacy Tip #110 – Resources for Small Businesses to Stay Informed about Cyber Threats

The Federal Trade Commission (FTC) has concentrated on small businesses this year with the launch of www.FTC.gov/SmallBusiness, which provides data security awareness information to small businesses. The site includes articles about data security, how to develop a data security plan, what happens when ransomware affects your business, what to do in response to a …

NIST Updates Digital Identity Guidelines for Federal Agencies

This month, the National Institute of Standards and Technology (NIST) announced in a Bulletin that it has updated its Digital Identity Guidelines, which “provides agencies with technical guidelines regarding the digital authentication of users to federal networked systems.” The Bulletin outlines the components of digital identity—identity proofing, authentication and federation—for federal agencies to use …

NIST Publishes Updated Cybersecurity Guidance and Guidance on Passwords

The National Institute of Science and Technology (NIST) has long been a leading authority in cybersecurity—even before cybersecurity became a household name. It originally published its Cybersecurity Framework—intended not to be a standard, but to offer guidance—to all industries on how to begin to tackle data security. As cyber threats expand and become more sophisticated, …

Privacy Tip #102 – How to Educate Your Employees to Use Long, Easy to Remember Passwords

I feel like I have been writing about passwords over and over, and that’s because I have. Despite hearing about how important passwords are over and over again, compromised passwords continue to be an issue for organizations. Since the National Institute of Science and Technology (NIST) recently published new guidance and is recommending the use …

OCR Urges Covered Entities and Business Associates to Use HTTPS

New guidance from the Office for Civil Rights (OCR) urges covered entities and business associates to use Secure Hypertext Transport Protocol (HTTPS) to protect communications from vulnerabilities. According to OCR, the vulnerability can be introduced by the use of products that inspect HTTPS traffic. These products are used to detect malware or unsafe connections, which …

NIST Releases Update to Cybersecurity Framework

The National Institute of Standards and Technology (NIST) has issued an update to its Framework for Improving Critical Infrastructure Cybersecurity, which includes information relating to managing supply chain risks, measuring methodology and reducing cybersecurity risks to organizations. The new guidance includes feedback that NIST has received following the release of the Framework in 2012, as …

NIST Releases Guidance on Internet of Things

The National Institute of Standards and Technology (NIST) recently released guidance for the makers of devices that use or are connected to the Internet to build robust security measures into the design of products from the get-go. The Guidance, NIST Special Publication 800-160, is the culmination of four years of research, and focuses on the engineering …

New Cybersecurity Profile Issued for Maritime Industry on Transfer of Hazardous Liquids in Ports

The National Institute of Standards and Technology (NIST) has teamed up with the United States Coast Guard (USCG) and private industry to issue a new cybersecurity document that will assist the maritime industry in securing the transportation of hazardous liquids in ports around the United States. The document is in response to the recognition that the …

DOT Issues Proposed Cybersecurity Guidance for Auto Industry

On Monday, October 24, 2016, the Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) issued proposed cybersecurity guidance to the auto industry, including auto manufacturers and designers and manufacturers of vehicle systems and software, designed to assist the industry in developing best practices to safeguard vehicles’ systems against cyber-attacks and to protect the data …

Draft Cybersecurity Self-Assessment Tool Published

The National Institute of Standards and Technology (NIST) recently published a draft cybersecurity self-assessment tool entitled “The Baldrige Cybersecurity Excellence Builder,” which provides organizations with a tool to determine their security maturity level. According to the guide, it will assist organizations to: Determine cybersecurity-related activities that are important to business strategy and the delivery of …

NIST Extends Deadline for Comments to Mobile Device Infrastructure Guidance

All enterprises are struggling with the security risks posed by the use of mobile devices by employees. Companies want their employees to have easy access to information so that they can perform their job functions in an efficient and easy way, yet allowing easy access to company data through mobile devices is security professionals’ nightmare. …

The Cyber Regulation Drops

On September 13, 2016, Governor Andrew Cuomo announced the first proposed broadly applicable cyber regulation in the U.S. (the “Regulation”). The Regulation covers banks, insurance companies and other financial institutions (Covered Entities) regulated by the New York Department of Financial Services (the “DFS”). The Regulation is tightly focused, but with broad reach. It appears to …

NAIC Released Draft of Revised Insurance Data Security Model Law for Review

The National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive standards… for data security and investigation and notification of a data breach” for “any person or entity licensed, authorized to operate, or …

NIST Recommends against SMS as Second Authentication Factor

On July 29, Paul Grassi, the Senior Standards and Technology Advisor at the National Institute of Standards and Technology (NIST), posted an unusual blog regarding the new draft NIST Special Publication 800-63-3: Digital Authentication Guideline. The main issue that has created significant commentary by the press and businesses is NIST’s “deprecation” of using SMS (text messages) …

NIST seeks comments on randomness to protect sensitive information

The National Institute of Standards and Technology (NIST) announced last week that it is seeking comments on its draft publication “Recommendation for the Entropy Sources Used for Random Bit Generation.” What does this mean in layman’s terms? Basically, in order to protect private messages, cryptography is used to encrypt the messages into a form that cannot …

BIMCO issues cybersecurity guidelines for ships

Last week, BIMCO, along with other shipping organizations, “launched” guidelines “to help the global shipping industry prevent major safety, environmental and commercial issues that could result from a cyber incident on-board a ship.” BIMCO states that the guidelines are “a first for the shipping industry” (which to our knowledge is true and we applaud). The …

FTC settles with software provider over misleading customers about encryption of patient data

The Federal Trade Commission (FTC) announced on January 5, 2016, that it has agreed to settle an investigation with Henry Schein Practice Solutions, Inc. (Schein), an office management software provider for dental practices based in Utah, for $250,000 for allegations of falsely advertising the level of encryption it provided for patient data. The FTC alleged …

Omnibus funding bill creates healthcare cybersecurity task force

The $1.1 trillion spending and tax extender bill that is on President Obama’s desk awaiting signature creates a healthcare industry cybersecurity task force, which must be established within 90 days of enactment. This is important news since a recent report issued by the International Data Corporation forecasts that one in three consumers will have their …

NIST seeks comments on Cybersecurity Framework

The National Institute of Standards and Technology (NIST) developed and issued its voluntary “Framework for Improving Critical Infrastructure Cybersecurity” (Framework) in February of 2014, in response to a 2013 Executive Order. It was developed in collaboration with industry, academia and state and federal government officials. It has been widely praised and used as a valuable …