A lot of organizations, including small businesses and critical
infrastructure operators, might soon get new technical security
requirements from the federal government. This will probably be very
costly, especially for small businesses that don't already implement the
kinds of security measures that are standard for large federal
contractors. I'll give a brief overview of two new efforts: a bill in
the US Senate called the Cybersecurity Act of 2012 (CSA) that, if
passed, will impact critical infrastructure operators, and a new
federal contracting rule that's closely related to parts of CSA in its
goals and technical details. Both of these efforts focus on NIST's Risk
Managment Framework, and if you're not already familiar with this
process, now might be the time to get up to speed.
Read more at the Galois blog.
No comments:
Post a Comment