InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
NIST Proposes Update To Mobile Device Security Guidelines
On July 11, the National Institute of Standards and Technology released a proposed update to its guidelines for securing mobile devices. Originally published as Guidelines on Cell Phone and PDA Security, the proposed Guidelines for Managing and Securing Mobile Devices in the Enterprise offer new recommendations for devices used by the federal government. The draft guideline provide recommendations for developing centralized device management systems, with specific guidance related to (i) developing system threat models, (ii) establishing mobile device security policies, and (iii) implementing and testing prototype mobile device solutions, among other topics.
NIST Publishes Cloud Computing Guidance
Recently, the National Institute of Standards and Technology (NIST) published a document entitled Cloud Computing Synopsis and Recommendations, which (i) reprises NISTs definition of cloud computing, (ii) describes cloud computing benefits and open issues, (iii) presents an overview of the major classes of cloud technology, and (iv) provides guidance for organizations assessing cloud computing risks and opportunities. The NIST publication presents a range of factors to be considered as part of the overall business decision to employ cloud technology, including security issues related to data confidentiality and integrity. Although developed for use by federal agencies, the NIST report may influence policy decisions and may be a useful resource for private firms seeking to understand the benefits and risks of cloud technology.
NIST Publishes Recommendations for Establishing Governance Structure for Implementation of National Trusted Identities Strategy
On February 7, the National Institute of Standards and Technology (NIST) published a report with recommendations for developing a governance system to implement the National Strategy for Trusted Identities in Cyberspace (NSTIC). The NSTIC directs the federal government to work with private sector stakeholders to establish and maintain an identity ecosystem for internet transactions aimed at promoting trust, privacy, and security. The report summarizes comments received in response to a June 2011 Notice of Inquiry (NOI) that sought public input regarding the establishment and structure of a private sector-led steering group to implement the NSTIC. Based on those comments, stakeholder workshops, and best practices from similar governance efforts, the report presents recommendations in four areas: (i) steering group initiation, (ii) steering group structure, (iii) stakeholder representation, and (iv) international coordination. The report also includes a recommended charter to establish the steering group and notes that, subject to public comment and finalization of the approach outlined in the report, NIST intends to initiate a competitive grant program to fund a secretariat responsible for convening the initial steering group.
Pages
- « first
- ‹ previous
- 1
- 2
- 3
- 4