NIST Security Draft Promises New Privacy Standards for US Federal Agencies
The US National Institute of Standards and Technology (NIST) has drafted a new set of privacy standards that US federal agencies will have to abide by when implementing new interconnected systems related to the internet-of-things (IoT).
The draft, entitled “Security and Privacy Controls for Information Systems and Organizations”, addresses the security and privacy concerns expressed by the US’s Task Force on Cyber Defense, which stated that the risks of interconnecting new devices to critical infrastructure should not be taken lightly. The draft focuses on privacy and new technologies and products, emphasizing the need for stricter integration of controls and regulations not just for federal agencies, but for other organizations as well.
“Individual privacy cannot be achieved solely through securing personally identifiable information,” reads the draft. “Consequently, this publication contains controls designed to meet privacy requirements and to manage the privacy risks associated with an organization’s creation, collection, use, processing, storage, maintenance, dissemination, disclosure, or disposal of personally identifiable information separate from security concerns.”
While the document mainly focuses on federal institutions, recommending how privacy and security controls should be put in place when integrating new technologies, it also touches on personally identifiable information (PII) and how consumers should be warned regarding the data being collected. Somewhat similar to the European Union’s General Data Protection Regulation (GDPR), the NIST draft also states that users should be given clear, concise information about what PII is collected from them.
“To help users understand the risks being accepted when providing consent, organizations write materials in plain language and avoid technical jargon,” reads the NIST draft. “When developing or purchasing consent tools, organizations consider the application of good information design procedures in all user-facing consent materials; use of active voice and conversational style; logical sequencing of main points; consistent use of the same word (rather than synonyms) to avoid confusion; the use of bullets, numbers, and formatting where appropriate to aid readability; and legibility of text, such as font style, size, color, and contrast with surrounding background.”
A final draft of the document is expected in October. If approved, it will significantly impact US infrastructures and the way new technologies are integrated from both a security and privacy perspective.