NIST Security Draft Promises New Privacy Standards for US Federal Agencies

Liviu ARSENE

August 18, 2017

The US National Institute of Standards and Technology (NIST) has drafted a new set of privacy standards that US federal agencies will have to abide by when implementing new interconnected systems related to the internet-of-things (IoT).

The draft, entitled “Security and Privacy Controls for Information Systems and Organizations”, addresses the security and privacy concerns expressed by the US’s Task Force on Cyber Defense, which stated that the risks of interconnecting new devices to critical infrastructure should not be taken lightly. The draft focuses on privacy and new technologies and products, emphasizing the need for stricter integration of controls and regulations not just for federal agencies, but for other organizations as well.

“Individual privacy cannot be achieved solely through securing personally identifiable information,” reads the draft. “Consequently, this publication contains controls designed to meet privacy requirements and to manage the privacy risks associated with an organization’s creation, collection, use, processing, storage, maintenance, dissemination, disclosure, or disposal of personally identifiable information separate from security concerns.”

While the document mainly focuses on federal institutions, recommending how privacy and security controls should be put in place when integrating new technologies, it also touches on personally identifiable information (PII) and how consumers should be warned regarding the data being collected. Somewhat similar to the European Union’s General Data Protection Regulation (GDPR), the NIST draft also states that users should be given clear, concise information about what PII is collected from them.

“To help users understand the risks being accepted when providing consent, organizations write materials in plain language and avoid technical jargon,” reads the NIST draft. “When developing or purchasing consent tools, organizations consider the application of good information design procedures in all user-facing consent materials; use of active voice and conversational style; logical sequencing of main points; consistent use of the same word (rather than synonyms) to avoid confusion; the use of bullets, numbers, and formatting where appropriate to aid readability; and legibility of text, such as font style, size, color, and contrast with surrounding background.”

A final draft of the document is expected in October. If approved, it will significantly impact US infrastructures and the way new technologies are integrated from both a security and privacy perspective.
