NIST Releases New Draft of Artificial Intelligence Risk Management Framework for Comment

Share

The National Institute of Standards and Technology (NIST) has released the second draft of its Artificial Intelligence (AI) Risk Management Framework (RMF) for comment. Comments are due by September 29, 2022.

NIST, part of the U.S. Department of Commerce, helps individuals and businesses of all sizes better understand, manage and reduce their respective “risk footprint.”  Although the NIST AI RMF is a voluntary framework, it has the potential to impact legislation. NIST frameworks have previously served as basis for state and federal regulations, like the 2017 New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR 500).

The AI RMF was designed and is intended for voluntary use to address potential risks in “the design, development, use and evaluation of AI products, services and systems.” NIST envisions the AI RMF to be a “living document” that will be updated regularly as technology and approaches to AI reliability to evolve and change over time.

Continue reading “NIST Releases New Draft of Artificial Intelligence Risk Management Framework for Comment”

“Zero Trust Architecture” Is Officially Here: NIST Publishes New Cybersecurity Framework

Share

The National Institute of Standards and Technology, commonly referred to as NIST, recently published a new computer framework for users to consider as a cyber-framework security model — the Zero Trust Architecture Model (ZTA). This new model was officially published in NIST SP 800-207 in late 2020.

Continue reading ““Zero Trust Architecture” Is Officially Here: NIST Publishes New Cybersecurity Framework”

NIST Unveils IoT Baseline of Core Cybersecurity Features for Comment

Share

In a release aptly labeled “A Starting Point for IoT Device Manufacturers” the National Institute of Standards and Technology (NIST), an arm of the Department of Commerce, recently added to the discussion with the publication. NIST sought to provide IoT device manufacturers a better understanding of appropriate cybersecurity features for the vast and constantly proliferating range of IoT devices. NIST’s fundamental purpose is to improve the securitibility of IoT devices and to identify, in general terms, the features that can be designed so that customers can better use them to manage cybersecurity risk profiles.

Continue reading “NIST Unveils IoT Baseline of Core Cybersecurity Features for Comment”

NIST Privacy Framework Takes Shape

Share

As previously reported, the National Institute of Standards and Technology (NIST) is developing a voluntary Privacy Framework in collaboration with private- and public-sector stakeholders. The goal is to help organizations better identify, assess, manage, and communicate their privacy risks. Other benefits anticipated from this project are fostering the growth of innovative approaches to protecting individual privacy and creating greater trust in products and services that may use the Framework once it is established.

Continue reading “NIST Privacy Framework Takes Shape”

NIST Seeks Public Comment on Developing a Privacy Framework

Share

The National Institute of Standards and Technology (NIST) published its request for information (RFI) covering a series of questions designed to assist in the development of a voluntary framework meant to improve the management of the privacy risk that could arise from the collection, storage and use of individuals’ information in the Federal Register on November 14, 2018.

Continue reading “NIST Seeks Public Comment on Developing a Privacy Framework”

NIST Releases Draft Report on IoT Cybersecurity Standards; Comments Due April 18

Share

On February 14, 2018, the National Institute of Standards and Technology (NIST) released a draft of its NIST Interagency Report 8200 (NISTIR 8200), which is intended to inform policymakers and standards participants in developing and implementing cybersecurity standards in and for IoT devices and systems.  At a high level, the draft report is intended to:

  • provide a functional description for IoT (Section 4);
  • describe several IoT applications that are representative examples of IoT (Section 5);
  • summarize the cybersecurity core areas and provides examples of relevant standards (Section 6);
  • describe IoT cybersecurity objectives, risks, and threats (Section 7);
  • provide an analysis of the standards landscape for IoT cybersecurity (Sections 8 and 9); and
  • map IoT relevant cybersecurity standards to cybersecurity core areas (Appendix D).

Continue reading “NIST Releases Draft Report on IoT Cybersecurity Standards; Comments Due April 18”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy