NIST Developing Cybersecurity Best Practices

K&L Gates lawyers Nickolas MilonasMarc Martin, and Paul Stimers have posted an article at TMT Law Watch covering the recent Cyberspace Executive Order signed by President Obama.  “Cybersecurity Executive Order Aims to Increase Information Sharing and Strengthen Defenses” addresses  the contents of the order as well as the reception by industry groups, privacy groups and legislators.  A key part of the Executive Order is the requirement that NIST develop cybersecurity best practices within the next eight months:

The order also directs the Commerce Department’s National Institute of Standards and Technology (NIST) to work with companies that operate critical infrastructure components in developing a set of cybersecurity best practices within 240 days of the order. The order requires that NIST’s framework be “technology neutral” and focused on “cross-sector security standards and guidelines applicable to critical infrastructure.” As part of this process, federal agencies will need to review their existing cybersecurity regulations, in consultation with the industries they regulate, to determine if existing measures are consistent with NIST’s new standards.

These best practices will certainly filter down to cloud providers and could eventually be viewed as the minimum industry standard security practices for the cloud industry.  For this reason, cloud providers and cloud customers should pay special attention as they develop.

You can read the full article here.

Leave a Comment