Newsletter

The Private Sector Should Watch NIST’s Broad Work on Privacy and Cybersecurity Guidance

September 2022

Privacy In Focus®

NIST continues to work on several cybersecurity and privacy workstreams of interest to the private sector. While NIST has traditionally supported federal agencies’ IT security, over the past several years it has taken on (and been delegated) several workstreams under Executive Orders and legislation to address multiple aspects of privacy and security, including key areas of technological innovation. Examples of open workstreams that may impact the private sector include:

Perhaps of more critical and widespread importance, NIST is revising its foundational Framework for Critical Infrastructure Cybersecurity, created in 2014 and revised in 2018 as version 1.1. Public comments on the pending revision suggested a variety of paths, some modest and some transformational. NIST has touted its first workshop on the NIST Cybersecurity Framework update, “Beginning our Journey to the NIST Cybersecurity Framework 2.0”, which was held virtually on August 17, 2022 with almost 4,000 attendees from 100 countries. Given the foundational role of the NIST Framework to many private organizations’ cyber strategies, major changes should be watched carefully for potential need for compliance program adjustments.

There are myriad other projects underway at NIST and at the National Cybersecurity Center of Excellence (NCCoE) that examine practical applications in privacy, network security, digital identity, and other important parts of organizations’ risk management strategies. The staff at NIST and NCCoE are accessible and interested in meaningful private input to inform their workstreams.

© 2022 Wiley Rein LLP

Read Time: 3 min
Jump to top of page

By using this site, you agree to our updated Privacy PolicyTerms & Conditions, and Cookies Policy.