All NIST articles

  • Health records

    Proposed NIST cybersecurity guide incorporates HIPAA Security Rule


    The National Institute of Standards and Technology is seeking comment on proposed guidance intended to help healthcare organizations that fall under the regulatory umbrella of the Health Insurance Portability and Accountability Act’s Security Rule.

  • Webcast: Importance of adopting a cybersecurity risk management framework

    2022-06-16T14:00:00Z

    More and more commercial organizations are voluntarily adopting cybersecurity risk management frameworks like NIST CSF, COBIT, ISO, and others considering recent legislation, executive orders, and reporting requirements.

  • Chapter 1, Part 1: Betsy’s human error triggers ransomware crisis


    When one of fictional private utility company Vulnerable Electric’s most dedicated employees falls victim to a social engineering hack, her actions in the immediate aftermath are crucial to what will soon become a crisis for the C-suite.

  • Ransomware

    TPRM 2021: What to do before, during, and after a ransomware attack


    Two risk and compliance practitioners opened their cyber-playbooks at CW’s TPRM virtual event, explaining how to identify and address vulnerabilities, establish transparency with vendors, and strengthen an organization’s incident management program.

  • Cloud supply chain

    New NIST revisions expand scope of cyber supply chain risk management guidance


    The National Institute of Standards and Technology is seeking comment on a revised version of its cyber supply chain risk management guidance that is intended for a broader audience of public and private companies.

  • NIST

    NIST guidance tackles how to integrate cyber-security with ERM


    New guidance from NIST aims to demystify a process with which many companies across all industries have long struggled: how to seamlessly integrate cyber-security risk into an overall enterprise risk management program.

  • Cyber-security

    Report slams ‘woefully lax’ cyber-security controls at CIA


    Cyber-security protections deployed for some of the nation’s most secret data were “woefully lax,” according to a 2017 intelligence brief that detailed shortcomings at the CIA following the agency’s 2016 data breach.

  • NIST

    NIST seeks comment on ransomware, cyber-attack guidance


    The National Institute of Standards and Technology is seeking input on a trio of draft guidance published in the past week. Two of the drafts address ransomware attacks, and the third addresses protecting against cyber-attacks in the supply chain.

  • Timeline

    Compliance 2020: A timeline


    Compliance Week looks back at two decades of scandals, enforcement actions, and regulatory policies (2000-2019) that shaped the compliance function we see today.

  • FTC proposes five amendments to NIST Privacy Framework


    The FTC has submitted comment on NIST’s draft Privacy Framework, praising the agency for its proposal to help firms open a privacy dialogue and suggesting five amendments to improve upon the draft.

  • NIST provides guidance on how to bridge privacy, cyber-security processes


    NIST’s new draft Privacy Framework offers much-needed guidance to help companies align their data privacy and cyber-security risk management practices.

  • Understanding NIST’s new Risk Management Framework


    NIST’s new Risk Management Framework—used with the agency’s Cybersecurity Framework—offers companies direction in integrating cyber-security, privacy, and supply-chain risk management.

  • Article

    Interpreting the new NIST Cybersecurity Framework


    The National Institute of Standards and Technology has published an update to its widely adopted Cybersecurity Framework, implementing significant revisions.

  • Blog

    NIST seeks comment on cyber-security framework update


    A leading framework for addressing cyber-security is getting an update, and the National Institute of Standards and Technology is looking for input. Tammy Whitehouse reports.

  • CAQ: Audit’s role in cyber-security exams


    Public company auditors are suggesting that companies voluntarily submit to an independent cyber-security examination separate from the existing financial statement audit. Tammy Whitehouse explores a new process for examining and reporting on a company’s cyber-security risk management.

  • Article

    How to Simplify Cyber-Security Controls Amid Abundant Laws


    By now every compliance officer has already heard the warning that it’s a matter of when you suffer a cyber-security breach, not if. Then comes compliance with breach disclosure rules—and those demands are becoming as perplexing as the cyber-threat itself. Overwhelmed, compliance officers are seeking ways to navigate these demands ...

  • Article

    Eliminating Cyber-Threats From the IT Supply Chain


    The longer a global supply chain grows, the less assurance corporations have in the integrity and security of their products and operations. Now NIST is trying to pierce that fog with new guidance, and compliance officers in the private sector might want to take notice. “Cyber-supply chain risk management ...

  • Article

    Smarter Assessments of Cyber-Risk


    Every compliance and audit executive wants to manage cyber-security risks. That assumes, however, that the whole organization agrees on what a cyber-security risk is. Taxonomies do exist to build a more disciplined approach to cyber-security. Try to take all steps to manage all such risks, and “it’s going to ...

  • Article

    COSO Tacks Toward Cyber-Security


    As cyber-security works its way onto the corporate board agenda, COSO is suggesting ways that its frameworks for internal control and risk management can be a starting point for companies to anticipate fast-emerging risks. “Just as the board is responsible for enterprise risk management, this is very similar,” says Mike ...

  • Blog

    Another Step Forward in Tackling Cyber-Security Risk


    Dec. 31—COSO’s Internal Control — Integrated Framework talks a good game about being useful beyond financial reporting risks, but Compliance Week Editor Matt Kelly has always wondered how that works in practice. Then came a nifty piece of guidance: a taxonomy of operational risks in cyber-security, published by the ...