TLDR:
Key Points:
- US Commerce Department released updated cybersecurity guidance on Feb. 26.
- New framework includes sections on corporate governance responsibilities and supply chain risks.
In the latest cybersecurity guidance released by the US Commerce Department, the National Institute of Standards and Technology (NIST) has expanded its focus beyond critical infrastructure to address broader cyber governance and supply chain risks. This updated framework provides a roadmap for regulators and companies alike to enhance their cybersecurity practices and compliance.
Full Article:
The updated NIST Cybersecurity Framework has expanded its corporate focus, offering advice for entities ranging from small businesses to organizations employing artificial intelligence. The framework includes new sector-specific implementation guides and a terminology reference tool to help organizations establish metrics for their cybersecurity practices. Financial regulators are encouraged to adopt this framework as a starting point for regulation, which may lead to a common understanding of key cybersecurity terms and standards across agencies.
The framework emphasizes the importance of senior leadership embracing responsibility for network security, including monitoring threats from vendors and managing supply chain risks. Financial regulators have already started incorporating elements of the framework in their enforcement actions, such as using self-assessments based on NIST standards as supporting evidence in lawsuits. Several states have codified the framework in laws to promote cybersecurity hygiene and protect companies from punitive damages in data breach litigation.
The framework serves as a set of best practices for organizations to improve their security posture and supply chain practices. It includes material tailored to the cybersecurity needs of small businesses and offers practical steps to establish cybersecurity response teams. By following the guidance provided in the framework, entities can better protect themselves from regulatory inquiries and litigation following a cyberattack.
In conclusion, the revamped cybersecurity guidance from the US Commerce Department and NIST is a valuable resource for regulators and companies to enhance their cybersecurity practices and compliance efforts. By implementing the best practices outlined in the framework, organizations can strengthen their security posture and mitigate potential cyber threats.