NIST

Subscribe to NIST
Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Evan D. WolffPhoto of Maida Oringher LernerPhoto of Michael G. Gruden, CIPP/GPhoto of Christopher Hebdon

The National Institute of Standards and Technology (NIST) recently released the final version of NIST Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information. Designed to supplement the requirements in NIST SP 800-171—the applicable standard under DFARS 252.204-7012—800-172 provides 35 enhanced security requirements to protect controlled unclassified information (CUI) associated with

Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Kristin MadiganPhoto of Jeffrey L. PostonPhoto of Evan D. Wolff

Last week, the President signed the Internet of Things (IoT) Cybersecurity Improvement Act into law, kicking off a multi-year process that will culminate in the first-ever federal requirements for IoT devices. Under the law, the National Institute of Standards & Technology (NIST) is now charged with drafting and finalizing security requirements for IoT devices, as

Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Stephanie CrawfordPhoto of Michael G. Gruden, CIPP/G

Last week, the National Institute of Standards and Technology (NIST) published the draft NISTIR 8276 “Key Practices in Cyber Supply Chain Risk Management” providing Key Practices and related recommendations for monitoring, controlling, and understanding how to conduct cyber – supply chain risk management (C-SCRM). The Eight Key Practices are general and apply equally, in practice,

Photo of Evan D. WolffPhoto of Kate M. Growley, CIPP/G, CIPP/USPhoto of Maida Oringher LernerPhoto of Payal NanavatiPhoto of Michael G. Gruden, CIPP/G

The National Institute of Standards and Technology (NIST) recently published a draft special publication titled Systems Security Engineering: Resiliency Considerations for the Engineering of Trustworthy Secure Systems (Volume 2), which provides guidance to professionals responsible for the activities and tasks related to the system life cycle processes in NIST’s flagship publication, NIST Special Publication 800-160

Photo of Kate M. Growley, CIPP/G, CIPP/US

As defense contractors continue to push towards their end-of-year implementation deadline for NIST SP 800-171 under DFARS 252.204-7012, the National Institute of Standards & Technology (NIST) has given the contracting community some extra time to respond to a draft publication that outlines how they and their customers alike can assess compliance with the security standard. 

Photo of Peter J. Eyre

Crowell & Moring’s “Fastest 5 Minutes” is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without. This latest edition is hosted by partners Peter Eyre and David Robbins and includes updates on DoD’s plan to implement the 2017

Photo of Evan D. WolffPhoto of Kate M. Growley, CIPP/G, CIPP/US

After a year of development, NIST has released the long-awaited Cybersecurity Framework, which promises to have significant implications for the public and private sectors alike. The final version retains much of the Framework Core set forth in its draft version and provides a blueprint to align cybersecurity efforts, along with the accompanying Roadmap document

Photo of Kate M. Growley, CIPP/G, CIPP/US

After years of abortive attempts by Congress to enact comprehensive cybersecurity legislation, the President took matters into his own hands on February 12, signing an Executive Order, Improving Critical Infrastructure Cybersecurity.  Identifying the cyber threat as “one of the most serious national security challenges we must confront,” this Order, along with its contemporaneous Presidential