Tag Archives: NIST

Recent report signals NIST may publish IoT cybersecurity standards

Although regulators seem to think all too often that cybersecurity is an after-thought for internet-connected device manufacturers, the National Institute of Standards and Technology (NIST) recognizes that as the Internet of Things (IoT) grows, so do cybersecurity risks. In March 2021, NIST published several key takeaways from a recent workshop that provide helpful guidance for … Continue Reading

NIST Publishes Introduction to Privacy Engineering and Risk Management to Assist Agencies and Organizations in Designing Privacy-Compliant Systems

On January 4, 2017, the National Institute of Standards and Technology (“NIST”) published the final version of NIST IR 8062 “An Introduction to Privacy Engineering and Risk management in Federal Systems.”  The report introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on systems. … Continue Reading

FDA Releases Guidance on Cybersecurity and Medical Devices

The FDA represents the latest federal agency to show a focus on cybersecurity issues with the release December 28 of new guidance. While the prospect of network-enabled medical devices increasingly offers the promise of improved care and patient treatment, evolving technology and new-found connectivity present emerging security considerations as well. The Food and Drug Administration … Continue Reading

The Final NIST Cybersecurity Framework Document Is Out: Now What?

This post was written by Timothy J. Nagle. The year-long process – led by the National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS) – of conducting outreach to the private sector, issuing drafts, receiving and evaluating input, and facilitating interagency coordination, ended with the publication last week of the “Framework … Continue Reading

NIST Cybersecurity Framework

This post was written by Timothy J. Nagle. NIST published the “Preliminary Cybersecurity Framework,” comprised of a Core, a Profile, and Information Tiers, in October.  Comments were due by December 13th, and many industries, sectors and organizations have provided input.  There is general industry support for the purpose, content, and collaborative development of the Framework, … Continue Reading

The NIST Cybersecurity Framework: The Only Game in Town?

This post was written by Timothy J. Nagle. On Tuesday, the White House cybersecurity coordinator posted a blog on the White House website describing incentives that may be made available to private sector “owners and operators.” The blog reviews the purpose of the Executive Order (information sharing, privacy and adoption of cybersecurity practices) that was … Continue Reading

Cybersecurity in Infrastructure Industries: Help is Available

This post was also written by Timothy J. Nagle. One of the most significant takeaways from Reed Smith’s June 25, 2013 teleseminar, “Cybersecurity in Critical Infrastructure Industries,” is the availability of industry and governmental resources to assist oil and gas companies, electric utilities, and municipal water systems in assessing cybersecurity threats and finding ways to … Continue Reading

NIST Releases Draft Policy of Mobile Security Guidelines, Recommends Centralized Mobile Device Management

This post was written by Amy S. Mushahwar.  On July 11, the National Institute of Standards and Technology (“NIST”) released Guidelines for Managing and Securing Mobile Devices in The Enterprise, its draft policy for securing mobile devices that will supplement its already-published general security recommendations for any IT technology. In these draft Guidelines, which are a … Continue Reading