On June 18, 2023, the Biden-Harris administration announced the launch of a new “U.S. Cyber Trust Mark” program (hereinafter the “Program”). First proposed by Federal Communication Commission (“FCC”) Chairwoman Jessica Rosenworcel, the Program aims to increase transparency and competition across the smart devices sector and to assist consumers in making informed decisions about the security of the devices they purchase.Continue Reading Biden Admin Eyes IoT Cyber Practices
NIST
NIST Extends Comment Period for Two New Drafts
The National Institute of Standards and Technology (“NIST”) has extended the comment period on its recently released draft documents, NIST SP 800-171 Revision 2 and NIST SP 800-171B. The comment period for both NIST SP 800-171 Revision 2 and NIST SP 800-171B was initially open until July 19, 2019. It was recently extended to…
DoD Increases DCMA Cybersecurity Responsibilities
The Department of Defense recently released a memorandum directing the Defense Contract Management Agency (DCMA) to implement and assess company-wide cyber compliance with the DFARS Safeguarding Clause and related security standard, NIST SP 800-171. For further analysis, visit our Government Contracts Legal Forum blog post.
NIST Surveys and Assesses Broad Landscape of IoT Cybersecurity Standards in Interagency Report
Following a draft Interagency Report published in February, the National Institute of Standards and Technology (“NIST”) has published NISTIR 8200: Interagency Report on the Status of International Cybersecurity Standardization for the Internet of Things (IoT), which seeks to assess the “current state of international cybersecurity standards development for IoT.” In this effort, the Report defines the major areas where IoT is currently being used and evaluates various IoT cybersecurity standards commonly applied in those areas. To evaluate the surveyed IoT standards, the Report relies on a framework that breaks the standards down into twelve core areas, each of which designates a distinct, common element of cybersecurity measures.
Where IoT is Being Used the Most
To help evaluate the current understanding of cybersecurity risks involved in IoT applications and the methods used to measure them, the Report overviews major IoT technologies and how they are deployed. It then breaks down the network-connected devices, systems, and services comprising IoT into five major categories of application, explaining the common components of each:Continue Reading NIST Surveys and Assesses Broad Landscape of IoT Cybersecurity Standards in Interagency Report
New Internet of Things (IoT) NIST Draft Publication Provides Welcomed Guidance
Responding to the rise of interconnected technology, the National Institute for Standards and Technology (NIST) has recently issued an introductory document in a planned series of cybersecurity publications addressing Internet of Things (IoT) privacy risks. Open for comment through October 24, 2018, the Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and…
No Summer Vacation for Government as New Cybersecurity Legislation Passes
The federal government has kept busy this summer by issuing multiple regulations impacting government contractors’ cybersecurity. First, the Department of Defense released the 2019 National Defense Authorization Act (NDAA), which included notable cybersecurity provisions involving foreign ownership and Controlled Unclassified Information (CUI), among others. Second, Congress passed the NIST Small Business Cybersecurity Act requiring the…
Is Government Data at Risk? Study Finds Industry Cybersecurity Lagging Government
Security ratings firm BitSight recently released a report citing a gap in cybersecurity performance between the U.S. Government and contractors.
The report was the result of a comparative security assessment between 1,212 randomly selected government contractors and 122 federal agencies. The assessment found that federal agencies were at least 15 points better than the mean …
Comment Period Extended for NIST SP 800-171 Assessment Guide
Less than two weeks after the National Institute of Standards and Technology (NIST) published a draft version of NIST SP 800-171A, Assessing Security Requirements for Controlled Unclassified Information, on November 28, the National Archives and Records Administration (NARA) announced today that the comment period has been extended to January 15, 2018. This gives interested …
Privacy-Cybersecurity Weekly News Update—Week of November 13
Discussion headlines: New guidelines for IoT; Russia blocks access to LinkedIn; Standing under the TCPA; Long distance search warrant power
The DHS and NIST Release Guidelines for the IoT
This week, both the Department of Homeland Security and the National Institute of Standards and Technology released a set of guidelines intended to secure the IoT. …
Privacy & Cybersecurity Weekly News Update
Hamburg DPA orders WhatsApp to stop sharing data with Facebook; GAO: HHS Needs to Improve is Digital Health Protection Rules; Notice and Choice Becoming Par for the Course for Interest-Based-Ads in Apps
German Data Protection Authority of Hamburg orders WhatsApp to stop sharing data with Facebook
On September 27, 2016, the Hamburg Commissioner for…