NIST Releases Cybersecurity Framework Update

The National Institute of Standards and Technology (NIST) has updated the original NIST Cybersecurity Framework, first released in 2014. The draft update was released on January 10 and contains many of the anticipated revisions as well as:

  • Significant updates to the cyber supply chain risk management
  • Defined cybersecurity terminology
  • Identity Management and Access Control updates (including “identity proofing”)
  • A new section on cybersecurity measurement

Comments on the proposed updates are due by April 10, 2017.


House Committees Pledge Cooperation on DHS Reauthorization Legislation

January 12, 2017–The chairs of eight House committees with jurisdiction over the Department of Homeland Security have signed a memorandum stating that they will cooperate on legislation to reauthorize DHS.

The agreement among the committee chairs was announced today by Rep. Michael McCaul (R., Texas), chairman of the House Homeland Security Committee. Rep. McCaul said last week (TRDaily, Jan. 5) that he had reached a memorandum of understanding with other committee chairs to help speed reauthorization legislation, and that he was “very optimistic that we will see that legislation . . . one of the first coming out of my committee.”

Central to Rep. McCaul’s push for DHS reauthorization is his oft-stated goal of transforming the agency’s National Protection and Programs Directorate (NPPD) into an operational unit devoted to the protection of critical infrastructure, to be called the Cybersecurity and Infrastructure Protection Agency within DHS. DHS Secretary has Jeh Johnson has voiced support for such a move. Continue reading

FCC Daily Digest, December 28, 2016

Released:  12/28/2016.  PUBLIC SAFETY AND HOMELAND SECURITY BUREAU RELEASES ITS INITIAL FINDINGS REGARDING THE 2016 NATIONWIDE EAS TEST. (DA No.  16-1452). (Dkt No 15-94 )  This Public Notice provides an initial overview of the nationwide EAS test results and highlights several opportunities for strengthening the EAS.

NIST Seeking Vendors for Authentication Project

December 19, 2016–The National Institute of Standards and Technology and its National Cybersecurity Center of Excellence (NCCoE) said today they released a “Federal Register” notice for their Multifactor Authentication for e-Commerce project, and are inviting technology vendors to participate in the project build.  “This project aims to help retailers implement stronger authentication mechanisms to ensure the user is authorized to use the card for e-commerce, card-not-present transactions, using standards-based commercially available and/or open source products,” NIST said.

Courtesy TRDaily


Johnson Commits DHS to Implementing IP Enforcement Strategic Plan

December 13, 2016–Homeland Security Secretary Jeh Johnson said today that “DHS is pleased to implement the action items listed” in the U.S. Joint Strategic Plan on Intellectual Property Enforcement for fiscal years 2017 to 2019 released yesterday (TRDaily, Dec. 12).  Among the DHS action items in the strategic plan are promoting and expanding U.S. law enforcement partnerships with e-commerce platforms “to keep these legitimate platforms from unwittingly facilitating intellectual property theft,” he said.

Courtesy TRDaily


OEC Outreach Clips: How should states prepare for FirstNet opt-out decision? Source Urgent Communications

According to the FirstNet team, the request for proposals (RFP) award announcement could be made as early as the first week of November, though it may take some time after the announcement for all of the t’s to be crossed and i’s to be dotted in the formal contract.  In the meantime—during the month of October and the period after the announcement but before the contract award—states should be preparing to make the best decision possible when it comes to opting in or out of FirstNet. There are 47 states that have not yet gone public with any concept or RFP. However, these states can follow models from states that have publicly initiated steps toward the decision process. How should states prepare for FirstNet opt-out decision?