NIST has published its definition of "critical software" for the U.S. federal government as the standards agency begins fulfilling requirements laid out in President Biden's executive order on cybersecurity. The software part of the executive order looks to reduce the threat of supply chain attacks.
President Biden's recent executive order for bolstering cybersecurity of the federal government contains provisions for enhancing supply chain security that are similar to proposals by the Food and Drug Administration to improve medical device security. But how are the FDA's healthcare-related provisions doing?
No one needs more stats about the skills gap in cybersecurity; many organizations are obviously facing challenges in recruiting, skilling, and retaining security professionals. We haven’t written this cheat sheet to tell you what you already know. Instead, we will outline a realistic strategy for workforce-wide...
The U.S. federal government is increasingly using IoT devices across its agencies, which has raised concerns about security. NIST has published draft guidance to help federal agencies navigate safe IoT deployment and use, says Kat Megas, program manager in NIST's Cybersecurity for IoT Program.
In the wake of the SolarWinds breach, NIST's Ron Ross has turned his attention to systems security engineering - and the reality that the adversaries are exploiting it to their advantage better than the defenders are. This disparity, Ross says, has to change.
Under legislation passed by Congress this weekend that awaits President Trump's signature, HIPAA enforcers, when considering financial penalties for compliance violations, would need to determine whether an organization had implemented "recognized security practices," such as the NIST Cybersecurity Framework.
President Donald Trump on Friday signed into law the Internet of Things Cybersecurity Improvement Act of 2020, the first U.S. federal law addressing IoT security. The act requires federal agencies to only procure devices that meet minimum cybersecurity standards.
Many healthcare organizations are failing to address shortcomings in security risk management for their supply chains, says former healthcare CIO David Finn, describing findings of a recent study assessing the state of cybersecurity in the sector.
The U.S. National Institute of Standards and Technology this week released a long-awaited guidance update, Special Publication 800-53 Revision 5, describing "next-generation security and privacy controls" and how to use them.
State CISOs are finding it challenging to meet the needs for risk management and new cybersecurity investments at a time when tax revenue continues to shrink during the COVID-19 pandemic and agencies are expecting budget cuts.
"Where do I start?" It's the most common question posed by data protection professionals tasked with leading a new data privacy management effort. Whether it's developing a data inventory, drafting a breach notification plan, or selecting controls to implement, a good place to start is with the NIST Privacy...
Dallas County, one of the 10 largest counties in the U.S., was accustomed to an entirely on-premises workforce. Then came the pandemic. The Texas county's CISO, Michael Anderson, tells how he planned for business resiliency - and why he owes it all to frameworks.
Metrics can help CISOs clearly communicate the potential impact of risks to senior executives and win support for a risk management strategy, say Randall Frietzsche, enterprise CISO of Denver Health, and consultant Dave Bailey of CynergisTek, who describe a step-by-step approach in a joint interview.