Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


NIST releases preview of cybersecurity standards

“Discussion drafts” outline potential standards, agency seeks feedback

The National Institute of Standards and Technology (NIST) released a preview of what could be forthcoming cybersecurity standards.

The “discussion drafts,” which the NIST made available last week, are being developed as a part of President Obama’s cybersecurity executive order, which he signed in February. The purpose of the order is to expand private sector access to government information about potential threats to cybersecurity and it tasks the Department of Homeland Security with determining which companies are operating important infrastructure like the electric grid, "where a cybersecurity incident could reasonably result in catastrophic regional or national effects."

The agency is seeking feedback on the drafts, released on Aug. 30, and will outline potential standards for critical infrastructure firms and address concerns many in the business community had expressed about the standards during the comment phase.

The discussion drafts recommend companies develop cybersecurity capabilities in various areas, but they do not require firms to meet specific benchmarks.

Ahren Tyron, a partner at Cozen O’Connor, told the Wall Street Journal Law Blog that the documents demonstrate “the working group’s understanding of the importance of buy-in by companies’ executive leadership. The goal is to get high-level executives comfortable with the framework. NIST is avoiding being overly prescriptive so as to ensure the framework is widely applicable.”

The proposed standards are “not designed to replace existing processes” and are “not a one-size fits all approach,” the NIST said.

Whatever happens, the standards will be well received, as experts believe cybersecurity should be top of mind for in-house counsel.

“The world of cybersecurity has surpassed the exclusive purview of information technology and security departments, and is on the radar screens of legal departments to assist in assessing and managing the risks of information security breaches,” Daniel Lim, deputy GC of Guidance Software, said in an April InsideCounsel column

Read more about the proposed standards in the WSJ Law Blog.

For more InsideCounsel stories about cybersecurity, see:

Hotel chain challenges the FTC’s power to sue over data breaches

Obama appoints McAfee CTO as DHS undersecretary of cybercrime

Hackers steal $45 million from banks in ATM scheme

A cybersecurity primer for legal departments

Hiring law firm in wake of data breach gives companies the secrecy of privilege


Cathleen Flahardy

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.