Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • NIST Proposes Update To Mobile Device Security Guidelines

    Fintech

    On July 11, the National Institute of Standards and Technology released a proposed update to its guidelines for securing mobile devices. Originally published as Guidelines on Cell Phone and PDA Security, the proposed Guidelines for Managing and Securing Mobile Devices in the Enterprise offer new recommendations for devices used by the federal government. The draft guideline provide recommendations for developing centralized device management systems, with specific guidance related to (i) developing system threat models, (ii) establishing mobile device security policies, and (iii) implementing and testing prototype mobile device solutions, among other topics.

    NIST Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • NIST Publishes Cloud Computing Guidance

    Fintech

    Recently, the National Institute of Standards and Technology (NIST) published a document entitled Cloud Computing Synopsis and Recommendations, which (i) reprises NIST’s definition of cloud computing, (ii) describes cloud computing benefits and open issues, (iii) presents an overview of the major classes of cloud technology, and (iv) provides guidance for organizations assessing cloud computing risks and opportunities. The NIST publication presents a range of factors to be considered as part of the overall business decision to employ cloud technology, including security issues related to data confidentiality and integrity. Although developed for use by federal agencies, the NIST report may influence policy decisions and may be a useful resource for private firms seeking to understand the benefits and risks of cloud technology.

    NIST Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • NIST Publishes Recommendations for Establishing Governance Structure for Implementation of National Trusted Identities Strategy

    Fintech

    On February 7, the National Institute of Standards and Technology (NIST) published a report with recommendations for developing a governance system to implement the National Strategy for Trusted Identities in Cyberspace (NSTIC). The NSTIC directs the federal government to work with private sector stakeholders to establish and maintain an identity ecosystem for internet transactions aimed at  promoting trust, privacy, and security. The report summarizes comments received in response to a June 2011 Notice of Inquiry (NOI) that sought public input regarding the establishment and structure of a private sector-led steering group to implement the NSTIC. Based on those comments, stakeholder workshops, and best practices from similar governance efforts, the report presents recommendations in four areas:  (i) steering group initiation, (ii) steering group structure, (iii) stakeholder representation, and (iv) international coordination. The report also includes a recommended charter to establish the steering group and notes that, subject to public comment and finalization of the approach outlined in the report, NIST intends to initiate a competitive grant program to fund a secretariat responsible for convening the initial steering group.

    NIST Privacy/Cyber Risk & Data Security

    Share page with AddThis

Pages