On February 26, 2024, the National Institute of Standards and Technology (NIST) released the long-awaited second version of the Cybersecurity Framework (CSF). Dubbed “CSF 2.0,” it contains a few ...

In this post in our series on basic cybersecurity concepts for lawyers (see here and here for prior posts), we delve into the National Institute of Standards and Technology (NIST) Cybersecurity ...

Emerging NIST guidance suggests that the long-standing practice of treating AI as “just software” for cybersecurity purposes is giving way to more novel approaches to managing AI risks.

The NIST Cybersecurity Framework 2.0 is designed to be universally applicable, extending its reach beyond critical infrastructure sectors to encompass all industries. This inclusive approach is a ...

NIST's CSF, used with other guidance, can help map risk to actual threats and better comply with security mandates such as the U.S.'s cybersecurity executive order. The U.S. federal government has ...

The message is that "risk management needs to be elevated to an enterprise-level, with key leadership involvement," Gartner's Katell Thielemann said. NIST is seeking feedback on this draft and the ...

A GAO report has found that additional actions are needed to establish cybersecurity framework adoption across agencies. GAO found that most of the 16 critical infrastructure sectors took action to ...

The National Institute of Standards and Technology (NIST) is seeking feedback on their draft Cybersecurity Framework (CSF) 2.0. The release of this public draft is an important milestone for ...

The General Services Administration's new requirements for protecting controlled unclassified information apply immediately to new contracts, at the contracting officer's discretion.

During my conversations with company leaders, I'm often asked how security measures can be improved. Usually, they mean their information security program, but sometimes they mean physical security ...

A group of five federal financial regulatory agencies is sunsetting a tool that banks use to assess cybersecurity risks, part of what an Office of the Comptroller of the Currency official said is an ...