June 25, 2022

Volume XII, Number 176

Advertisement
Advertisement

June 24, 2022

Subscribe to Latest Legal News and Analysis

June 23, 2022

Subscribe to Latest Legal News and Analysis

June 22, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

National Institute of Standards and Technology Publishes Cybersecurity Standards Objectives

The National Institute of Standards and Technology has published a draft of its objectives for cybersecurity standardization, following in many ways the consultative model that it used successfully in drafting the NIST Framework for critical infrastructure cybersecurity.

The NIST international standards report, published August 11, encourages federal agencies to support development of international consensus standards in many cybersecurity areas, including cryptographic techniques, IT system security evaluation, identity management, network security, software assurance, and supply chain risk, among others.

The report strongly endorses the adoption of international consensus standards, over promulgation of government specific standards,  because among other considerations, they are more likely to address and maintain market relevance, benefit from an open and transparent development process, and are more likely to be widely adopted.

Perhaps the most useful segment of the NIST report is a matrix, backed by a comprehensive and well-documented analysis, of the current state of standards development in 10 core areas of cybersecurity standardization.  It identifies those areas where standards are in development or are needed in a half-dozen key IT applications, such as cloud computing, industrial control systems and health IT.  This matrix provides a roadmap for establishing the priorities that agencies and industry may use adopt in developing critical cybersecurity standards.

As with its critical infrastructure Framework process, NIST is seeking public comment on the draft report for inclusion in its final report to Congress.  Comments may be submitted  through September 24, 2015 addressed to: nistir8074@nist.gov (Subject: “Comments on Draft NISTIR 8074”).  Comments Templates may be found at: http://csrc.nist.gov/publications/drafts/nistir-8074/nistir_8074_vol1_draft_comment_template.doc.

©1994-2022 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.National Law Review, Volume V, Number 236
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

The frictionless flow of information is a defining feature of today’s information economy. Your organization’s ability to transfer customer data, employee files, financial records, and other information around the country or the globe quickly and cheaply has opened a world of new opportunities. Privacy laws vary by jurisdiction and are interpreted unpredictably, and even if your business is extremely conscientious, it can make a false step as it captures, uses, transfers, and discloses personal information. The consequences can be serious and even devastating — heavy...

617-348-1732
Advertisement
Advertisement
Advertisement