On September 7, 2022 the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) released an updated edition of its Cybersecurity Best Practices for the Safety of Modern Vehicles, the last edition of which was published in 2016. This most recent edition of this non-binding guidance leverages agency research, industry voluntary standards, and findings […]
National Institute for Standards and Technology (NIST)
New Law Requires HHS to Consider Recognized Security Practices as Mitigating Factor When Determining Penalties
On January 5, 2021, the president signed into law H.R. 7898, an Act that amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the Secretary of Health and Human Services (HHS) to consider specific recognized security practices of covered entities and business associates when making certain determinations regarding fines, penalties, […]
NIST Releases Updated Cyber Framework V1.1
On December 5, 2017, the National Institute of Standards and Technology (NIST) released a revised draft of its proposed updates to its Framework for Improving Critical Infrastructure Cybersecurity. The revised draft includes a new section on communicating with stakeholders about cybersescurity requirements, addresses stakeholder concerns regarding cybersecurity supply chain risk management and measuring cybersecurity risks […]
Report Suggests Organizations Still Vulnerable to Credential Management and Network Segmentation Attacks
The Multi-State Information Sharing and Analysis Center (MS-ISAC) published its 2016 mid-year review on August 22, 2016, highlighting large incidents of malware infections, with particular emphasis on ransomware and click fraud malware. In contrast to the MS-ISAC report, however, an August 2016 report suggests most organizations would benefit from addressing issues of credential management and […]
HHS Issues HIPAA Security Rule Crosswalk with NIST Cybersecurity Framework
Last week, the HHS Office for Civil Rights (OCR) released a crosswalk between the requirements of the HIPAA Security Rule and the NIST Cybersecurity Framework. The crosswalk – which was developed in conjunction with the National Institute of Standards and Technology (NIST) and the HHS Office of the National Coordinator for Health IT – maps each […]