August Standards Updates: FedRAMP Seeks Help, HIPAA Concerns, ISO “Landmark” and NIST DevelopmentsPublished September 2, 2015 by Danny Madigan • 2 min read
The standards set forth by the High Impact Baseline will allow commercial cloud service providers to host sensitive information in their systems. Considering the potential that this Baseline has to shape the FedRAMP program going forward, officials are working hard to ensure that they get the standard right. After receiving public comments on their draft of the High Impact Baseline, FedRAMP is looking for help from federal employees to revise the standards set forth. FedRAMP plans to create “The Tiger Team,” which will consist of federal IT managers who can facilitate and oversee the revision process and prepare a final draft of the Baseline, which is scheduled to be finished prior to year end.
On August 10th, Payments UK published the first draft of ISO 20022 payment messages standard, which will be used to support real-time payments. Many international bodies see this development as an opportunity to make a “truly global” standard that will facilitate international payment processes going forward. Barry Kislingbury, an official at ACI Worldwide captured the potential prospects of this standard exclaiming, “By enabling the interoperability of domestic immediate payment schemes, ISO 20022 could lay the foundations for a global, interoperable, immediate payments environment – which is a very exciting prospect for us all, as consumers and members of the industry.”
A recent survey, investigating 769 healthcare providers on their HIPAA policies and compliance initiatives, raised some concerns as to the preparedness of such parties regarding information security. Although sixty-nine percent of the respondents said that they were confident in their compliance policies, the report stated that the current culture surrounding HIPAA compliance is far too lax. “It is somewhat disconcerting that there isn’t a more robust incident response culture and perhaps more worrisome is the seeming lack of preparation of preventing an attack before it happens.”
Developments From NIST
August was a busy month for The National Institute of Standards and Technology (NIST). Early this month, NIST released the final version of its cryptographic hash standard, “Secure Hash Algorithm-3.” This standard, which was being developed over the past nine years, will be vital for the security of digital signatures and message authentication. The Secure Hash Algorithm-3 is available for download today on the NIST website.
This month NIST also issued a report that highlighted the need for the government to increase its development and adoption of international cybersecurity standards. Following the report release, NIST is now seeking public comment on their draft as they hope to, “promote U.S. interests by facilitating interoperability, security, usability and resiliency; improving trust in online and offline transactions; promoting innovation and competitiveness; and helping U.S. products and services compete in global markets.” The public comments are due back by September 24th.
NIST is looking to enter into a research and development agreement with three vendors for help developing “mobile device security, personal identity verification credentials for such devices and access control.” NIST believes that these collaborations will allow them to develop cybersecurity guidelines that can be applied across many industries.
Keeping up with industry standards, regulations and updates is near impossible these days. Allow ZenGRC to simplify it for you!
Photo Credit: John Mcsporran