NIST Computer Security Guidance: Impact On Contractors
24 August 2012Law360
The National Institute of Standards and Technology (NIST) issued on Aug. 8 an updated Computer Security Incident Handling Guide (NIST Special Publication 800-61, Rev. 2). The publication provides guidance to federal agencies on detecting, analyzing, prioritizing and handling computer security incidents. Like most NIST special publications, this guidance “may be used by nongovernmental organizations on a voluntary basis.” However, organizations doing business with the federal government — and particularly those government contractors that are subject to the Federal Information Security Management Act (FISMA) — often find themselves subject to NIST standards by virtue of federal contract terms.