In a rapidly evolving technological landscape, the National Institute of Standards and Technology (NIST) has released crucial guidance on managing risks associated with generative AI (GenAI). Our latest client alert delves into the newly published GenAI Profile (NIST AI 600-1), which outlines 12 potential high-level risks and offers actionable strategies for mitigation by breaking down
NIST
Cybersecurity preparedness: What guidance to follow?
With cybersecurity becoming a board-level issue, compliance officers, lawyers, board members, and business drivers are looking for official guidance or recommendations on cybersecurity measures to protect business, customers, and the wider economy.Continue Reading Cybersecurity preparedness: What guidance to follow?
Recent report signals NIST may publish IoT cybersecurity standards
Although regulators seem to think all too often that cybersecurity is an after-thought for internet-connected device manufacturers, the National Institute of Standards and Technology (NIST) recognizes that as the Internet of Things (IoT) grows, so do cybersecurity risks. In March 2021, NIST published several key takeaways from a recent workshop that provide helpful guidance for IoT manufacturers so that they can be more pro-active in securing IoT devices.
Continue Reading Recent report signals NIST may publish IoT cybersecurity standards
NIST Publishes Introduction to Privacy Engineering and Risk Management to Assist Agencies and Organizations in Designing Privacy-Compliant Systems
On January 4, 2017, the National Institute of Standards and Technology (“NIST”) published the final version of NIST IR 8062 “An Introduction to Privacy Engineering and Risk management in Federal Systems.” The report introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on systems. In the blog post accompanying the release, NIST notes that the report is intended to address the absence of a vocabulary for talking about privacy outcomes and to produce “processes that are repeatable and could lead to measurable results.”
To this end, the report introduces three (3) privacy engineering objectives, which are intended to help system designers, engineers and policy teams to help “bridge the gap between high-level privacy principles and their implementation within systems.” These objectives are defined as follows:
Continue Reading NIST Publishes Introduction to Privacy Engineering and Risk Management to Assist Agencies and Organizations in Designing Privacy-Compliant Systems
FDA Releases Guidance on Cybersecurity and Medical Devices
The FDA represents the latest federal agency to show a focus on cybersecurity issues with the release December 28 of new guidance. While the prospect of network-enabled medical devices increasingly offers the promise of improved care and patient treatment, evolving technology and new-found connectivity present emerging security considerations as well.
The Food and Drug…
The Final NIST Cybersecurity Framework Document Is Out: Now What?
This post was written by Timothy J. Nagle.
The year-long process – led by the National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS) – of conducting outreach to the private sector, issuing drafts, receiving and evaluating input, and facilitating interagency coordination, ended with the publication last week of…
NIST Cybersecurity Framework
This post was written by Timothy J. Nagle.
NIST published the “Preliminary Cybersecurity Framework,” comprised of a Core, a Profile, and Information Tiers, in October. Comments were due by December 13th, and many industries, sectors and organizations have provided input. There is general industry support for the purpose, content, and collaborative development of the Framework,…
The NIST Cybersecurity Framework: The Only Game in Town?
This post was written by Timothy J. Nagle.
On Tuesday, the White House cybersecurity coordinator posted a blog on the White House website describing incentives that may be made available to private sector “owners and operators.” The blog reviews the purpose of the Executive Order (information sharing, privacy and adoption of cybersecurity practices) that was…
Cybersecurity in Infrastructure Industries: Help is Available
This post was also written by Timothy J. Nagle.
One of the most significant takeaways from Reed Smith’s June 25, 2013 teleseminar, “Cybersecurity in Critical Infrastructure Industries,” is the availability of industry and governmental resources to assist oil and gas companies, electric utilities, and municipal water systems in assessing cybersecurity threats and finding ways to…
NIST Releases Draft Policy of Mobile Security Guidelines, Recommends Centralized Mobile Device Management
This post was written by Amy S. Mushahwar.
On July 11, the National Institute of Standards and Technology (“NIST”) released Guidelines for Managing and Securing Mobile Devices in The Enterprise, its draft policy for securing mobile devices that will supplement its already-published general security recommendations for any IT technology. In these draft Guidelines, which…