On January 16, 2020, the National Institute of Standards and Technology (NIST) issued its NIST Privacy Framework Version 1.0 (Privacy Framework). The Privacy Framework follows the same type of structure as the NIST Framework for Improving Critical Infrastructure Cybersecurity, which was first issued in February 2014 (NIST Cybersecurity Framework).
Specifically, NIST identifies the Privacy Framework
The Department of Commerce (Commerce) recently issued a proposed regulation to better secure the United States’ information and communications technology and services (ICTS) supply chain. The ICTS supply chain supports how government, industry and the public communicate and conduct their business. The ICTS supply chain encompasses the generation, storage and transmission of data for critical
Being a small business can have its advantages. Federal procurement rules provide that certain contracting opportunities may be set-aside for small business competition. Small businesses also may be exempt from certain procurement provisions, such as subcontracting plan requirements and coverage under Federal Cost Accounting Standards (CAS). Prime and higher-tier subcontractors also are incentivized to use
Last month we reported on the Department of Defense’s (DoD’s) issuance of Version 0.6 of its draft Cybersecurity Maturity Model Certification (CMMC) standard. That draft included DoD updates and revisions to CMMC’s domains, capabilities and practices for Levels 1 through 3. It deferred revisions to those parts of CMMC covering Levels 4 and 5. On
Supply chain risks are on the rise. Protecting the supply chain is a critical aspect of our national security, health and public safety. Whether parts are electronic or not, if they aren’t what they are represented to be, don’t do what they are supposed to do, or do things that they’re not supposed to do,