Tag Archives: NIST

NIST seeks comments on randomness to protect sensitive information

The National Institute of Standards and Technology (NIST) announced last week that it is seeking comments on its draft publication “Recommendation for the Entropy Sources Used for Random Bit Generation.” What does this mean in layman’s terms? Basically, in order to protect private messages, cryptography is used to encrypt the messages into a form that cannot … Continue Reading

BIMCO issues cybersecurity guidelines for ships

Last week, BIMCO, along with other shipping organizations, “launched” guidelines “to help the global shipping industry prevent major safety, environmental and commercial issues that could result from a cyber incident on-board a ship.” BIMCO states that the guidelines are “a first for the shipping industry” (which to our knowledge is true and we applaud). The … Continue Reading

FTC settles with software provider over misleading customers about encryption of patient data

The Federal Trade Commission (FTC) announced on January 5, 2016, that it has agreed to settle an investigation with Henry Schein Practice Solutions, Inc. (Schein), an office management software provider for dental practices based in Utah, for $250,000 for allegations of falsely advertising the level of encryption it provided for patient data. The FTC alleged … Continue Reading

Omnibus funding bill creates healthcare cybersecurity task force

The $1.1 trillion spending and tax extender bill that is on President Obama’s desk awaiting signature creates a healthcare industry cybersecurity task force, which must be established within 90 days of enactment. This is important news since a recent report issued by the International Data Corporation forecasts that one in three consumers will have their … Continue Reading

NIST seeks comments on Cybersecurity Framework

In February of 2014, the National Institute of Standards and Technology (NIST) developed and issued its voluntary “Framework for Improving Critical Infrastructure Cybersecurity” (Framework) in response to a 2013 Executive Order. It was developed in collaboration with industry, academia and state and federal government officials. It has been widely praised and used as a valuable … Continue Reading

Comment period extended for NIST Cybersecurity Practice Guide

The National Institute of Standards and Technology has announced that, due to stakeholder feedback, the period to submit comments for the draft guide, “Securing Electronic Health Records on Mobile Devices,” has been extended from September 25, 2015 to October 23, 2015. The guide provides a detailed architecture to assist with securing health records on mobile devices. The … Continue Reading

NIST issues Draft Framework for Cyber-Physical System

On September 18, 2015, the National Institute of Standards and Technology (NIST) issued its draft Framework for Cyber-Physical Systems (CPS), which is “intended to provide a methodology for understanding, designing and building CPS including those with multiple applications.” CPS are smart systems that interact between physical and computational components. These interconnected and integrated systems “can … Continue Reading

Security Frameworks 101: Which is right for my organization?

These days information security is on the minds of virtually all technology professionals and business executives alike. But how does an organization ensure that its security profile is adequate? It can certainly help to subscribe to a security framework. What is a security framework and which should I consider for my organization? A security framework can … Continue Reading

NIST issues Cybersecurity Practice Guide for Electric Utilities

Yesterday, the National Cybersecurity Center of Excellence issued its NIST Cybersecurity Practice Guide, Draft Special Publication 1800-2 “Identity and Access Management for Electric Utilities.” The Guide is a result of collaboration between NIST and utilities stakeholders, including the energy sector and technology vendors, to design an example solution to help energy companies manage and control … Continue Reading

NIST draft report: international cybersecurity standardization needed

An interagency working group led by the National Institute of Standards and Technology (NIST) and the Department of Commerce recently published a draft report (the Report) recommending that the U.S. government increase its efforts to develop international cybersecurity standards by coordinating with other governments and the private sector. Historically, U.S. standard setting efforts have been … Continue Reading