With Labor Day over and summer now fading into memory, it’s the perfect time to take a fresh look at your data and information security, privacy and compliance postures. And to review fresh lessons from what 2016 has served up as to data breaches and incidents in the first six months. Background Earlier this year, […]
Category: NIST
Ready to Revisit Your Cloud Contracts? FedRAMP is Ramping Up With Three Public Webinars
Those who follow cloud computing on the federal level know the Federal Risk and Authorization Management Program (“FedRAMP”) is tasked with developing a “government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.” We expect FedRAMP to have a broader ripple effect for corporate cloud contracting, […]
NIST Releases “Security by Design” Public Draft Guidance
Following on the heels of the National Institute of Standards and Technology‘s (“NIST”) release of the Framework for Improving Critical Infrastructure Cybersecurity (a/k/a the “Cybersecurity Framework” – see our coverage here and here), NIST unveiled yesterday a 123-page initial draft for public comment of Special Publication 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. […]
Procurement Takeaways of the Intersection of Cloud Computing and Mobility
The National Institute of Standards and Technology (“NIST”) held a two and a half day workshop last week, March 25-27, entitled The Intersection of Cloud and Mobility, to brainstorm on the issues, problems and realities of a world where “low-end mobile devices access diverse and scalable cloud computing resources and globally connected mobile enabled resources […]
Why the Cybersecurity Framework Matters for Your Security Programs
Richard Santalesa’s latest IAPP Privacy Perspectives commentary discussing what the National Institute of Standards and Technologies “Cybersecurity Framework” means for privacy and risk management professionals – and by extension your infosec and data security efforts – is up. The Framework is likely to be very influential going forward as federal agencies, government contractors and ultimately […]
NIST Cybersecurity Framework Telebriefing – Mar. 13
UPDATE: Registration now open for our upcoming LSI Telebriefing on March 13, 1pm ET covering the “NIST Framework for Improving Critical Infrastructure Cybersecurity.” Registration information here. It should be an interesting and engaging discussion ahead of NIST’s March 27 State and Local Government Cybersecurity Framework Kickoff Workshop. Original: The SmartedgeLaw Group will moderate a telebriefing […]
NIST Issues Final “Critical Infrastructure Cybersecurity Framework” So?
The National Institute of Standards and Technology (“NIST”), part of the Dept of Commerce, has been at the forefront of federal cyber and information security efforts, issuing numerous “Special Publications” addressing cyber and data security issues, risk management, encryption, mobile security and related topics. It’s latest significant release on Feb. 12th of the final Critical […]
New Federal Guidance for BYOD Security Released
The National Institute of Standards and Technology (“NIST”) is at it again. This past Monday it released an update of its 2008-era special publication to reflect the tremendous growth of mobile devices since: Guidelines for Managing the Security of Mobile Devices in the Enterprise (SP 800-124r1))(the “Mobile Guidelines”). The Mobile Guidelines are designed to go […]
NIST to Launch Big Data Working Group
The National Institute of Standards and Technology (“NIST”), which we’ve written about at length in the past in connection with its ongoing data security and cloud computing related work, announced the formation of a Big Data Working Group today, with a “kick off” conference call this Wed., June 19, from 1-3pm EDT. The group is […]
NIST Issues Final Draft of Security Controls for Comment
Over three previous drafts of its Security and Privacy Controls for Federal Information Systems and Organizations, Special Publication 800-53, the National Institute of Standards and Technology (“NIST”) has honed focus while expanding the reach of infosec controls, all culminating in this latest 455-page “Revision 4″ released for public comment last week. Dubbed the “Final Public […]
NIST Releases Public Draft SP800-53 Addressing Cybersecurity Threats & Privacy Controls
Yesterday the National Institute of Standards and Technology (NIST) released the 4th iteration of what will ultimately be a mainstay document for federal agencies required to comply with provisions of the Federal Information Security Management Act (FISMA) and FIPS 200. As a result it should have a significant affect on federal cloud security practices that […]
NIST Issues Finalized Guidelines for Managing Security & Privacy in Public Cloud Computing
Say what you will about the federal government, the Nat’l Institute of Standards & Technology (“NIST“), part of the Department of Commerce, has certainly been busy over the past year releasing numerous special drafts and reports addressing cloud computing recommendations, security and issues. [Full disclosure: I’m a member of several NIST working groups, including one currently working […]
Definition of Cloud Computing – NIST Releases Final SP 800-145
We actively follow the work of the National Institute of Standards and Technology (NIST), part of the U.S. Commerce Department, which over the past year has been very busy in the areas of Cloud Computing and information data security. Yesterday NIST announced “the final release of Special Publication 800-145, The NIST Definition of Cloud Computing.” NIST’s […]
NIST Releases New DRAFT Cloud Computing Synopsis
The National Institute of Standards and Technology (NIST) recently released a new cloud computing draft special publication for public review and comment (see associated press release), which NIST is billing as “its most complete guide to cloud computing to date.” Public comments to NIST on the 84-page P 800-146 DRAFT Cloud Computing Synopsis and Recommendations (PDF 1.9MB) […]
NIST Issues Two New Draft Cloud Computing Documents, A Call for Public Comment and a Cloud Wiki
Last week the National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, released for public comment two “new” draft documents centered on cloud computing. The first is a NIST-codified Definition of Cloud Computing (Draft SP 800-145), and the second document is what NIST calls “the first set of guidelines for […]
