Tag Archives: NIST

NIST Releases Fifth Revision of Special Publication 800-53

The National Institute of Standards and Technology (“NIST”) released on August 15, 2017 its proposed update to Special Publication (“SP”) 800-53. NIST SP 800-53, which was last revised in 2014, provides information security standards and guidelines, including baseline control requirements, for implementation on federal information systems under the Federal Information Security Management Act of 2002 … Continue Reading

Time Is On My Side: DoD Hears Industry Concerns – Additional Time Provided to Implement Security Controls Under New Cyber Rule

On December 30, 2015, the Department of Defense (DoD) issued a Second Interim Rule amending its “Network Penetration Reporting and Contracting for Cloud Services” Interim Rule and giving contractors until December 31, 2017 to implement the NIST SP 800-171 security controls required by DFARS 252.204-7012. As noted in a previous post, DoD has already issued a … Continue Reading

DoD Issues Three Cloud Computing and Security Documents for Public Comment

On July 24, 2015, the Defense Information Systems Agency (“DISA”) issued three draft documents concerning the adoption of secure cloud computing systems by the Department of Defense (“DoD”). DISA is tasked with developing DoD’s security requirements guides for cybersecurity policies, standards, architectures, security controls, and validation procedures. Here, the just-released, draft … Continue Reading

New Proposed Rule and Accompanying Guidance May Impose Additional Cybersecurity Burdens on Contractors Handling CUI

Pursuant to Executive Order 13556 and as forecasted in the draft of the National Institute of Standards and Technology’s (“NIST”) Special Publication (“SP”) 800-171, the National Archives and Records Administration (“NARA”) released on May 8, 2015 a proposed rule addressing the government-wide designation and safeguarding of Controlled Unclassified Information (“CUI”) (“the Proposed CUI Rule” or … Continue Reading

FISMA Updated and Modernized

On December 18, 2014, President Obama signed a bill reforming the Federal Information Security Management Act of 2002 (“FISMA”). The new law updates and modernizes FISMA to provide a leadership role for the Department of Homeland Security, include security incident reporting requirements, and other key changes. Background: FISMA was originally passed in 2002 to provide … Continue Reading

Federal Information Technology Reform Act Included in the House-Passed NDAA FY 15

A major piece of IT acquisition reform legislation called the Federal Information Technology Acquisition Reform Act (“FITARA”), on which we have previously reported, was included in the version of the National Defense Authorization Act for Fiscal Year 2015 (“NDAA FY 15”) passed by the House on December 4, 2014, along with other significant IT reform provisions related to … Continue Reading

NIST Draft Standards Provide Guidance For Protecting CUI on Contractor Systems

On November 18, 2014, the National Institute of Standards and Technology (“NIST”) released Draft Special Publication 800-171 (“SP 800-171”), which includes new recommended security controls for nonfederal organizations such as government contractors, state and local governments, and colleges and universities that “process, store, or transmit” controlled unclassified information (“CUI”) on their own systems. These draft standards … Continue Reading

FDA Adopts Core NIST Framework in Guidance for Management of Cybersecurity in Medical Devices

The U.S. Food and Drug Administration recently became one of a number of federal agencies to adopt the National Institute of Standards and Technology’s (“NIST”) core cybersecurity framework. On October 2, 2014, FDA issued final guidance on the content of premarket submissions for the management of cybersecurity in medical devices. The final guidance sets forth … Continue Reading

New RFI Seeks Feedback on NIST Cybersecurity Framework

On February 12, 2013, President Obama issued Executive Order 13636, which directed federal agencies to undertake a broad range of tasks aimed at enhancing the security and resilience of the nation’s critical infrastructure. One task directed the National Institute of Standards and Technology (“NIST”) to establish a technology-neutral, voluntary, risk-based cybersecurity framework. A year later, … Continue Reading