National Institute of Standards and Technology (NIST)

On August 8, 2023, the National Institute of Standards and Technology (“NIST”) released a draft of The NIST Cybersecurity Framework (CSF) 2.0 (the “CSF” or “Framework”) along with a Discussion Draft of the Implementation Examples. This draft makes the most significant changes to the Framework since its initial release in 2014.

On September 14, 2022, the US Office of Management and Budget (OMB) published a memorandum, M-22-18, requiring federal agencies to comply with previously announced guidelines for ensuring the integrity of third-party software on an agency’s information systems or that otherwise affects government information. Applicable to firmware, operating systems, applications, and application services (e.g., cloud-based

To facilitate cyber incident response in practice, many organizations are building “cybersecurity playbooks” that provide tailored, practical guidance that enhances organizational readiness. During a cyber incident, easy access to actionable material can be central to an effective response. The content, audience and goals for a playbook may vary. For example, they may contain highly technical

American businesses are presented with great economic opportunities as connected devices—often referred to as the Internet of Things—quickly become integrated into consumers’ daily lives. However, these opportunities are accompanied by new legal risks; for example, class action lawsuits have alleged that connected products were inadequately secured against cyber threats or violated user privacy. Against this

On May 11, 2017, President Donald Trump signed Executive Order 13800 (“EO 13800”), titled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” This executive order constitutes the first significant action to address cybersecurity by the Trump administration. The executive order is divided into three sections addressing cybersecurity for federal networks, critical infrastructure, and the

Three years ago, the National Institute of Standards and Technology (“NIST”) released the “Framework for Improving Critical Infrastructure Cybersecurity.” In the intervening years, NIST and numerous other US government departments and agencies have continued to release guidance on how to improve cybersecurity using a tailored risk management framework. In recent months, NIST has continued this

On December 1, 2016, the US Commission on Enhancing National Cybersecurity (the “Commission”) presented its final report to President Obama, Report on Securing and Growing the Digital Economy. While directed to President Obama, the report is also intended to be a helpful guide for the next administration on “strengthening cybersecurity in the public and

Effective responses to cybersecurity incidents rely in large part upon three key elements: personnel, planning and practice. An organization’s incident response team must include capable personnel with the appropriate authority to act, requisite expertise and adequate training. An organization also needs a written plan customized to meet its business, industry and regulatory environment, among other