The healthcare industry could greatly benefit from innovations in digital identity, said Jeremy Grant, senior executive advisor for identity management at the National Institute of Standards and Technology. Rather than create a one-off solution specific to healthcare, the industry can leverage other work being done to support the National Strategy for Trusted Identities in Cyberspace.
A Homeland Security Department official said the department sees small and medium businesses as a key community for adoption of the cybersecurity framework released earlier this month. DHS released a request for information seeking feedback on the cybersecurity industry's capability to provide "broadly scalable cyber security solutions at an affordable cost" to small and medium businesses.
Making good on a November promise to review its cryptographic standards development process and subject it to public comment, the National Institute of Standards and Technology released Wednesday proposed internal guidance that would bind it to being transparent, open and impartial.
The cybersecurity framework released earlier this month by the National Institute of Standards and Technology has the potential to change federal agencies' approach to cybersecurity as well as that of the original intended audience of private sector critical infrastructure companies, said a NIST official. The framework outlines a maturity model of four tiers against which adoptees can benchmark the sophistication of their cybersecurity program.
Now that the cybersecurity framework is out, the National Institute of Standards and Technology says a next step will be to map the alignment of its remaining library of cybersecurity guidance documents to practices called for in the voluntary guidance document.
Although the National Institute of Standards and Technology backed down from including a dedicated privacy appendix in the newly released critical infrastructure cybersecurity framework, it hasn't given up on the prospect of including privacy controls in future iterations of the framework. In the final version of the framework released Feb. 12 – final only in the sense that it's version 1.0 of what NIST says will be a "living document" – NIST removed an appendix containing privacy controls included in earlier drafts.
The House Homeland Security Committee approved by unanimous voice vote a cybersecurity bill that would codify the Homeland Security Department's role in federal cybersecurity and require it to work with the private sector on securing critical infrastructure.
The National Institute of Standards and Technology sees testing as critical to the formation of an identity ecosystem, as called for in the National Strategy for Trusted Identities in Cyberspace. On Jan. 16, NIST formally announced (.pdf) a federal funding opportunity for a third round of NSTIC pilots.
Funding for the National Institute of Standards and Technology this fiscal year under the omnibus federal funding bill signed into law by President Obama Jan. 17 will be better than in recent years past. The compromise funding bill (H.R. 3547) appropriates $850 million for NIST – not as much as the Commerce Department bureau's $928.3 million request, but $41 million above the enacted fiscal 2013 level, and well more than the $782.4 million it received in fiscal 2012.
The final draft of the critical infrastructure cybersecurity framework under development by the National Institute of Standards and Technology for nearly a year will not include a separate appendix for privacy controls. In the place of a dedicated privacy appendix, NIST will incorporate an alternative methodology first developed (.pdf) by Hogan Lovells partner Harriet Pearson.