Using FAIR and NIST CSF for Security Risk Management
Risk management and risk assessments go hand in hand, and most organizations have completed a security assessment based on maturity models at some point in their existence. However, more companies are realizing the need to complement maturity models with a risk-based approach for assessing their cybersecurity positions. By Shelley Bland | May 18, 2021
Critical Infrastructure Attacks: Threat Landscape Forces Security to Evolve
Ongoing and recent outages at critical infrastructure entities highlight the sophistication and evolution of the threat landscape, driving the need for improved security posture in healthcare. By Jessica Davis | May 17, 2021
NIST's role under the recent US cyber EO. An NTSB for cyber incidents? Post-Colonial legislation.
The National Institute of Standards and Technology (NIST) recaps its new duties under Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity.” NIST will craft standards and tools in consultation with stakeholders to strengthen software supply chain security from development and vendor vetting to implementation and testing, with an accelerated timeline for guidelines surrounding “critical software.” The agency is tasked with defining “critical software” with reference to features like network access, system interdependence, the criticality of function, and consequences if compromised. As we’ve seen, the resulting standards will guide Federal software procurement. By the CyberWire staff | May 19, 2021
Sincerely, Omnistruct, 2740 Fulton Avenue #101-02, Sacramento, CA 95821, USA, (866) 683-8827