NIST Keeps IoT Hot with Draft Guidance
Client Alert | 1 min read | 01.22.21
The National Institute of Standards & Technology (NIST) has published three draft addenda to its manufacturer IoT guidance NISTIR 8259, as well as draft guidance for federal agencies, NIST SP 800-213, on integrating IoT devices into their networks. Notably, NIST published the addenda—8259B, 8259C, and 8259D—and 800-213 just days after the enactment of the Internet of Things Cybersecurity Improvement Act of 2020, in which Congress directed NIST to draft and finalize security guidelines for IoT devices procured by the federal government. While neither the 8259 addenda nor 800-213 fall within the Act's purview, they are likely to inform NIST's development of its IoT cybersecurity guidance under the Act. This is particularly true with regard to both 800-213 and addendum 8259D, the latter of which offers a "worked example" of implementing the core 8259 requirements within the specifications of the FISMA process and the NIST SP 800-53 security controls.
Contacts
Insights
Client Alert | 11 min read | 05.17.24
FTC Finalizes Modifications to Broaden the Applicability of the Health Breach Notification Rule
On April 26, 2024, the Federal Trade Commission (“FTC”) announced a final rule (“Final Rule”) modifying the Health Breach Notification Rule (“HBNR”). The Final Rule, which largely finalizes changes proposed in a Notice of Proposed Rulemaking published last year (“2023 NPRM”), broadens the scope of entities subject to the HBNR, including many mobile health applications (“apps”) and similar technologies, and clarifies that breaches subject to the HBNR include not only cybersecurity intrusions but also unauthorized disclosures, even those that are voluntary. The Final Rule will take effect 60 days after its publication in the Federal Register.
Client Alert | 5 min read | 05.16.24
CMS Finalizes Contested Rule on Nursing Home Staffing and Facility Assessments
Client Alert | 3 min read | 05.15.24
Client Alert | 3 min read | 05.14.24
