The Significance of the NIST Privacy Framework
Mali Yared, Practice Director, Cyber Risk Advisory & Privacy, Coalfire
Kudos to the NIST Privacy Team! Privacy Framework v.1.0 has finally been released. I’ve been tracking the growth of this initiative since the focus group was kicked off in September 2018 and respect its thoroughly explored yet fundamentally grassroots approach. A few points worth bringing to your attention:
Healthcare Slow to Adopt NIST Digital Identity and Authentication Guidance
Rich Curtiss, Director, Healthcare Risk Assurance Services
The National Institute of Standards and Technology (NIST) published an updated guide (Special Publication 800-63b) for Digital Identity Guidance in June 2017. This is a comprehensive and holistic guide to authentication processes, which includes choices of authenticators that may be used at various Authenticator Assurance Levels (AALs). It provides recommendations on the lifecycle of authenticators, including revocation in the event of loss or theft, complexity requirements, and authenticator expirations.
A huge applause from the NIST-OCR-HIPAA 2015 conference
Andrew Hicks, Managing Principal, Coalfire
It looked like the 8th annual conference may have garnered record-breaking attendance as I noticed hotel staff rushing to add skirted tables and chairs to the back of the room to accommodate a standing-room-only crowd. I guess that was to be expected given the star-studded line-up of presenters including HHS OCR Director Jocelyn Samuels, her brand new Deputy Director, Deven McGraw, and the OCR enforcer, Iliana Peters. We also heard from government officials at the FTC, the ONC, NIST’s NCCoE, and the HHS Preparedness and Response office. The audience responded to each session with a line of people trailing from the microphone set up for Q&A – and with excellent questions, too!