Latest Headlines

Latest Headlines

ONC, Inova look to NSTIC for healthcare identity management

The healthcare industry could greatly benefit from innovations in digital identity,  said  Jeremy Grant, senior executive advisor for identity management at the National Institute of Standards and Technology. Rather than create a one-off solution specific to healthcare, the industry can leverage other work being done to support the National Strategy for Trusted Identities in Cyberspace.

DHS to foster NIST cybersecurity framework adoption among small and medium businesses

A Homeland Security Department official said the department sees small and medium businesses as a key community for adoption of the cybersecurity framework released earlier this month. DHS  released  a request for information seeking feedback on the cybersecurity industry's capability to provide "broadly scalable cyber security solutions at an affordable cost" to small and medium businesses. 

NIST proposes encryption standard development process internal guidance

Making good on a November promise to review its cryptographic standards development process and subject it to public comment, the National Institute of Standards and Technology released Wednesday proposed internal guidance that would bind it to being transparent, open and impartial.

Gallagher: NIST framework could improve federal agency cybersecurity programs

The cybersecurity framework released earlier this month by the National Institute of Standards and Technology has the potential to change federal agencies' approach to cybersecurity as well as that of the original intended audience of private sector critical infrastructure companies, said a NIST official. The framework outlines a maturity model of four tiers against which adoptees can benchmark the sophistication of their cybersecurity program.

NIST to mine special publications for additional cybersecurity framework guidance

Now that the cybersecurity framework is out, the National Institute of Standards and Technology says a next step will be to map the alignment of its remaining library of cybersecurity guidance documents to practices called for in the voluntary guidance document.

Privacy high on agenda for second cybersecurity framework revision

Although the National Institute of Standards and Technology backed down from including a dedicated privacy appendix in the newly released critical infrastructure cybersecurity framework, it hasn't given up on the prospect of including privacy controls in future iterations of the framework. In the final version of the  framework released  Feb. 12 – final only in the sense that it's version 1.0 of what NIST says will be a "living document" – NIST  removed an appendix  containing privacy controls included in earlier drafts.

House Homeland Security approves critical infrastructure cybersecurity bill

The House Homeland Security Committee approved by unanimous voice vote a cybersecurity bill that would codify the Homeland Security Department's role in federal cybersecurity and require it to work with the private sector on securing critical infrastructure.

NIST opens third round of NSTIC pilots

The National Institute of Standards and Technology sees testing as critical to the formation of an identity ecosystem, as called for in the National Strategy for Trusted Identities in Cyberspace. On Jan. 16, NIST formally  announced  (.pdf) a federal funding opportunity for a third round of NSTIC pilots.

NIST's fiscal 2014 funding improves over previous years

Funding for the National Institute of Standards and Technology this fiscal year under the omnibus federal funding bill signed into law by President Obama Jan. 17 will be better than in recent years past. The compromise funding bill (H.R. 3547) appropriates $850 million for NIST – not as much as the Commerce Department bureau's $928.3 million request, but $41 million above the enacted fiscal 2013 level, and well more than the $782.4 million it received in fiscal 2012.

NIST drops privacy appendix from cybersecurity framework

The final draft of the critical infrastructure cybersecurity framework under development by the National Institute of Standards and Technology for nearly a year will not include a separate appendix for privacy controls. In the place of a dedicated privacy appendix, NIST will incorporate an alternative methodology first  developed  (.pdf) by Hogan Lovells partner Harriet Pearson.