Earlier this month, the National Institute of Standards and Technology (“NIST”) issued its fifth and latest draft of its “Security and Privacy Controls for Information Systems and Organizations” guidance document. The NIST guidance document expands on previous drafts that focused on privacy and security improvements for the federal government and now provides security and privacy improvements that can be implemented by other organizations.
With an eye toward the potential risks posed by the internet of things and the increase in connected devices, the latest draft of the guidance document aims to provide steps to developing a more concrete, and ultimately more secure, system for maintaining security and privacy. The new guidance prepares for the proliferation of the “Internet of Things”- connected devices that contain remote sensors and media collection mechanisms such as cameras and recorders. Finally, the guidance contains new sections geared towards enterprise security and privacy professionals, electronic and networking component developers and systems engineers.
Takeaway: The NIST’s move to develop draft guidance for both government and industry professionals illustrates a growing awareness about the security and privacy risks associated with growing technologies, including the internet of things.