A new blog post from the Federal Trade Commission provides guidance to businesses on how the cybersecurity framework created by the National Institute for Standards and Technology (NIST) aligns with the FTC’s data security program.
The post outlines the key elements of the NIST framework and how it relates to the FTC’s long-standing approach to data security. It notes that the framework is not a checklist, but rather a method by which a company can identify risks and adjust its security efforts accordingly to ensure they are as effective as possible, which is consistent with the FTC’s focus on reasonable data security.
The blog also highlights various FTC enforcement cases in which the security problems alleged in the complaint mirror concerns addressed in the NIST framework. The blog post concludes that applying both the risk management approach presented by the framework and the FTC’s Start with Security guidance will lead to businesses providing more robust protections for consumers’ data.
SOURCE: Federal Trade Commission