Latest Headlines

Latest Headlines

NIST to mine special publications for additional cybersecurity framework guidance

Now that the cybersecurity framework is out, the National Institute of Standards and Technology says a next step will be to map the alignment of its remaining library of cybersecurity guidance documents to practices called for in the voluntary guidance document.

Privacy high on agenda for second cybersecurity framework revision

Although the National Institute of Standards and Technology backed down from including a dedicated privacy appendix in the newly released critical infrastructure cybersecurity framework, it hasn't given up on the prospect of including privacy controls in future iterations of the framework. In the final version of the  framework released  Feb. 12 – final only in the sense that it's version 1.0 of what NIST says will be a "living document" – NIST  removed an appendix  containing privacy controls included in earlier drafts.

House Homeland Security approves critical infrastructure cybersecurity bill

The House Homeland Security Committee approved by unanimous voice vote a cybersecurity bill that would codify the Homeland Security Department's role in federal cybersecurity and require it to work with the private sector on securing critical infrastructure.

NIST opens third round of NSTIC pilots

The National Institute of Standards and Technology sees testing as critical to the formation of an identity ecosystem, as called for in the National Strategy for Trusted Identities in Cyberspace. On Jan. 16, NIST formally  announced  (.pdf) a federal funding opportunity for a third round of NSTIC pilots.

NIST's fiscal 2014 funding improves over previous years

Funding for the National Institute of Standards and Technology this fiscal year under the omnibus federal funding bill signed into law by President Obama Jan. 17 will be better than in recent years past. The compromise funding bill (H.R. 3547) appropriates $850 million for NIST – not as much as the Commerce Department bureau's $928.3 million request, but $41 million above the enacted fiscal 2013 level, and well more than the $782.4 million it received in fiscal 2012.

NIST drops privacy appendix from cybersecurity framework

The final draft of the critical infrastructure cybersecurity framework under development by the National Institute of Standards and Technology for nearly a year will not include a separate appendix for privacy controls. In the place of a dedicated privacy appendix, NIST will incorporate an alternative methodology first  developed  (.pdf) by Hogan Lovells partner Harriet Pearson.

House Homeland Security critical infrastructure bill gets potentially controversial amendment

A House Homeland Security subcommittee approved by unchallenged voice vote a critical infrastructure cybersecurity bill, adding in the process several amendments – one of which could generate opposition to an otherwise bipartisan bill.

NIST undeterred by FFRDC criticism

Comments from critics of the National Institute of Standards and Technology's decision to establish a new federally funded research and development center focused on cybersecurity haven't deterred it from going forward, shows a Jan. 10 notice from NIST in the  Federal Register.

Study: Warning messages deter hackers

Warning messages presented when users access a computer system to caution against tresspassing decrease the duration of tresspassing incidents, according to a study in the journal Criminology. However, the messages did not prevent the incidents from occuring.

Security and resilience 'primary aim' of critical infrastructure planning, says new NIPP

A revised National Infrastructure Protection Plan issued by the Homeland Security Department in late December places greater emphasis on security and resilience than its predecessor from 2009.