ISO, NIST, CMMC — if the alphabet soup of cybersecurity frameworks has you confused, we’ve got you covered. In the latest episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss chats with guest Jim Watkins, former deputy laboratory director in the FBI’s Orange County Crime Lab and current certified technical assessor for the ANSI National Accreditation Board, about some of the more prominent cybersecurity frameworks, the process of cybersecurity assessments, how compliance issues are addressed, and what’s the difference between self-assessment, self-certification, and accreditation, and how a skilled attorney can make all the difference in getting accredited.
In a release aptly labeled “A Starting Point for IoT Device Manufacturers” the National Institute of Standards and Technology (NIST), an arm of the Department of Commerce, recently added to the discussion with the publication. NIST sought to provide IoT device manufacturers a better understanding of appropriate cybersecurity features for the vast and constantly proliferating range of IoT devices. NIST’s fundamental purpose is to improve the securitibility of IoT devices and to identify, in general terms, the features that can be designed so that customers can better use them to manage cybersecurity risk profiles.
As previously reported, the National Institute of Standards and Technology (NIST) is developing a voluntary Privacy Framework in collaboration with private- and public-sector stakeholders. The goal is to help organizations better identify, assess, manage, and communicate their privacy risks. Other benefits anticipated from this project are fostering the growth of innovative approaches to protecting individual privacy and creating greater trust in products and services that may use the Framework once it is established.
The National Institute of Standards and Technology (NIST) published its request for information (RFI) covering a series of questions designed to assist in the development of a voluntary framework meant to improve the management of the privacy risk that could arise from the collection, storage and use of individuals’ information in the Federal Register on November 14, 2018.
The Department of Commerce’s National Telecommunications and Information Administration (NTIA) issued a Notice seeking comments on a proposed federal consumer data privacy approach. In a parallel effort, the Commerce Department’s National Institute of Standards and Technology is developing a voluntary privacy framework to help organizations manage risk.
The Internet Association (IA), a group of 40 major internet and technology firms, called for the establishment of a national privacy framework anchored by six privacy principles on Wednesday. In its press release announcing the principles, the IA indicated its support for the American approach to federal privacy legislation that is “consistent nationwide, proportional, flexible, and encourages companies to act as good stewards of the personal information provided to them by individuals.”