A Legal Guide to PRIVACY AND DATA SECURITY 2024

Other Cybersecurity Standards. In addition to the NIST Framework, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have issued cybersecurity standards. These various cybersecurity standards enable organizations to practice safe security techniques and minimize successful cybersecurity attacks. They provide general outlines as well as specific techniques for implementing cybersecurity. In some cases, obtaining certification under one of these standards might be a prerequisite to obtaining cybersecurity insurance. As noted above, it can also help defend against any FTC investigation and assertion of lax data security by a business.

Federal Law and Proposed Legislation

Congress has considered data privacy and security legislation that would have significant implications for U.S. businesses, their online and internet-connected products and services, and relations with the federal government.

IoT Device Security

The Internet of Things (IoT) Cybersecurity Improvement Act of 2020 was passed and signed into law on December 4, 2020. The Act requires the National Institute of Standards and Technology (NIST) to develop and publish (1) minimum security standards and guidelines on the use and management of IoT devices owned or controlled by a federal government agency, including requirements for managing cybersecurity risks; and (2) guidelines for disclosing security vulnerabilities of information systems, including IoT devices, by contractors (and subcontractors) who provide the technology to the agency. Agency heads cannot procure, obtain, or use an IoT device that fails to meet the standards and guidelines, unless a waiver is determined to apply.
