HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: Cybersecurity Framework

Posted in Cybersecurity & Data Breaches

NIST Updates Cybersecurity Framework Guidance

In the past month, the National Institute of Standards and Technology has issued a draft update to its flagship cybersecurity framework as well as new standalone guidance on how organizations can plan to recover from cybersecurity events. The publication of these documents demonstrates NIST’s ongoing focus on providing substantive guidance to the private and public sectors alike on cybersecurity risk management. In this post we summarize the highlights of each of these new NIST publications.

Posted in Cybersecurity & Data Breaches

FCC Seeks Comment on Cybersecurity Recommendations for Communications Providers

The U.S. Federal Communications Commission’s Public Safety and Homeland Security Bureau has requested public input on a recent report on Cybersecurity Risk Management and Best Practices by the Communications Security, Reliability and Interoperability Council for communications providers. The Report represents the latest example of the U.S. government’s continued attention to these issues following the President’s 2013 Executive Order on Improving Critical Infrastructure Cybersecurity. Comments are due May 29, with replies due June 26.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

IPTF Seeks Public Input on Key Cybersecurity Challenges Facing the Digital Economy

On March 16, the U.S. Commerce Department’s Internet Policy Task Force published a Request for Public Comment for input on the key cybersecurity issues affecting the digital ecosystem and digital economic growth. The IPTF aims to coordinate and facilitate consensus-based multistakeholder processes to generate collective guidance and identify best practices. Through this effort, the IPTF seeks to broaden the focus of federal cybersecurity efforts beyond securing critical infrastructure. A number of key cybersecurity challenges have been identified in the Request for Public Comment, and the IPTF is inviting commenters to highlight other topic areas that the IPTF should consider including as part of this process.

Posted in Cybersecurity & Data Breaches

NIST Issues Update on Cybersecurity Framework, Highlights Priorities Moving Forward

On December 5, the National Institute of Standards and Technology issued an update regarding its Framework for Improving Critical Infrastructure Cybersecurity. Since its release in February 2014, the Framework has become an important benchmark for corporate cybersecurity programs. NIST’s update addresses industry input received from an October workshop and an August Request for Information. It also describes NIST’s plans to support future use of the Framework.

Posted in Cybersecurity & Data Breaches

Conference on Medical Device and Healthcare Cybersecurity Highlights New Challenges

The medical internet of things is coming. That was the common recognition of participants at a two-day public workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity” co-sponsored by the Food and Drug Administration, Department of Health and Human Services, and the Department of Homeland Security. The workshop comes during a busy month for medical device cybersecurity, with the FDA issuing final guidance earlier this month and DHS indicating that it is reviewing dozens of potential cybersecurity vulnerabilities in medical devices.

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

OCR and NIST Host Conference and Provide Insights on Safeguarding Health Information

Government officials emphasized the importance of risk analysis and risk management in safeguarding PHI at the Seventh Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference held from September 23–24, 2014, and co-hosted by the National Institute of Standards and Technology and the Department of Health and Human Services, Office for Civil Rights. The conference’s themes—which included risk analysis and risk management, information sharing, and upcoming OCR enforcement efforts—highlighted how HIPAA-regulated entities should approach cybersecurity considerations and compliance with the HIPAA Security Rule.

Posted in Cybersecurity & Data Breaches

NIST Seeks Information on Cybersecurity Framework Experience

Six months after release of the Framework for Improving Critical Infrastructure Cybersecurity, on August 21 the National Institute of Standards and Technology put forward a draft Request For Information to learn more about experiences with and effectiveness of the Framework. Through the RFI process, NIST seeks to better understand how organizations in all critical infrastructure sectors are approaching and making specific use of the Framework. Responses to the RFI are expected to shape the agenda for NIST’s 6th Cybersecurity Framework Workshop, its first following the Framework’s release.

Posted in Cybersecurity & Data Breaches

White House Launches Cybersecurity Framework for Corporate Use; NIST to Hold “Privacy Technical Standards” Workshop

On February 12 at a White House event headlined by two Cabinet Secretaries, the President’s Chief of Staff, and three CEOs, the National Institute of Standards and Technology released version 1.0 of a “Framework for Improving Critical Infrastructure Cybersecurity.” Likely to become a highly influential benchmark for assessing the reasonableness of corporate cybersecurity programs, the Framework was developed with input from hundreds of private sector, governmental, and other experts pursuant to the President’s Executive Order on Improving Critical Infrastructure Cybersecurity.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

IAPP Piece Outlines What Privacy Professionals Should Know About the NIST Cybersecurity Framework

The National Institute of Standards and Technology (NIST) has published its Preliminary Cybersecurity Framework pursuant to Executive Order 13636 on Improving Critical Infrastructure Cybersecurity. The Executive Order further directs NIST to include “methodologies . . . to protect individual privacy and civil liberties,” which NIST has done by including a draft Methodology to Protect Privacy and Civil Liberties for a Cybersecurity Program in Appendix B of the Preliminary Cybersecurity Framework. In a detailed analysis published on International Association of Privacy Professionals’ Privacy Tracker, Hogan Lovells’ Harriet Pearson explores the privacy considerations outlined in the Preliminary Cybersecurity Framework as well as the broader implications that the Framework may hold for U.S. privacy policy.

Posted in Cybersecurity & Data Breaches

NIST Releases Preliminary Cybersecurity Framework; Comment Period to Start Shortly

On October 22, NIST released the official Preliminary Cybersecurity Framework under development pursuant to the President’s Executive Order on Improving Critical Infrastructure Cybersecurity. A formal 45-day comment period will begin once the Preliminary Cybersecurity Framework is published in the Federal Register, which is expected next week. NIST remains on track to meet the Executive Order’s February 2014 deadline for issuance of the final Cybersecurity Framework.

Posted in Cybersecurity & Data Breaches

NIST Releases Discussion Draft of Preliminary Cybersecurity Framework

On August 28, NIST released a discussion draft of the Preliminary Cybersecurity Framework that it is developing pursuant to the President’s Executive Order on Improving Critical Infrastructure Cybersecurity. NIST invites stakeholder review of and input on this discussion draft, leading into the publication of the Preliminary Cybersecurity Framework on October 10 for formal public comment. The discussion draft follows on what has already been an active summer with respect to cybersecurity.

Posted in Cybersecurity & Data Breaches

NIST Kicks Off Cybersecurity Framework Development

Development of the new Cybersecurity Framework is now in full swing. President Obama’s Executive Order on Improving Critical Infrastructure Cybersecurity (which we previously covered) calls on NIST to lead the development of a Cybersecurity Framework that will provide “a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address […]