May 24, 2019

National Institute of Standards and Technology Publishes Cybersecurity Standards Objectives

The National Institute of Standards and Technology has published a draft of its objectives for cybersecurity standardization, following in many ways the consultative model that it used successfully in drafting the NIST Framework for critical infrastructure cybersecurity.

The NIST international standards report, published August 11, encourages federal agencies to support development of international consensus standards in many cybersecurity areas, including cryptographic techniques, IT system security evaluation, identity management, network security, software assurance, and supply chain risk, among others.

The report strongly endorses the adoption of international consensus standards over the promulgation of government-specific standards because, among other considerations, they are more likely to address and maintain market relevance, benefit from an open and transparent development process, and are more likely to be widely adopted.

Perhaps the most useful segment of the NIST report is a matrix, backed by a comprehensive and well-documented analysis, of the current state of standards development in 10 core areas of cybersecurity standardization. It identifies those areas where standards are in development or are needed in a half-dozen key IT applications, such as cloud computing, industrial control systems and health IT. This matrix provides a roadmap for establishing the priorities that agencies and industry may adopt in developing critical cybersecurity standards.

As with its critical infrastructure Framework process, NIST is seeking public comment on the draft report for inclusion in its final report to Congress. Comments may be submitted through September 24, 2015, addressed to: nistir8074@nist.gov (Subject: “Comments on Draft NISTIR 8074”). Comment templates may be found at: http://csrc.nist.gov/publications/drafts/nistir-8074/nistir_8074_vol1_draft_comment_template.doc.

©1994-2019 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.
