Articles by 'Nancy Rand'

Blog Author - Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.

By Nancy Rand, Posted in Security

The PCI DSS Council recently announced that a new standard for commercial off-the-shelf (COTS) mobile devices, PCI Contactless Payments on COTS (CPoC™) mobile devices, is to be released in December 2019. The current PCI DSS standard covers contactless payment methods, but the new publication provides detail on the mobile payment options. On October 28, the council is releasing an RFC on PCI DSS version 4.0 to assessors to provide feedback on the draft of the new version. New and revised requirements... read more.

  • October 28, 2019

By Nancy Rand, Posted in Security

The PCI DSS Council released overview and mapping documents to map PCI DSS requirements to the NIST Cybersecurity Framework. As stated in the mapping document: The mapping covers all NIST Framework functions and categories, with PCI DSS requirements directly mapping to 96 of the 108 subcategories. The mapping is based on PCI DSS v3.2.1 and the Cybersecurity Framework v1.1, using the 2018-04-16_framework_v.1.1_core spreadsheet. The PCI DSS documents show how PCI DSS requirements can help when working... read more.

  • July 23, 2019

By Nancy Rand, Posted in Security

Q2 2019 NIST Privacy Framework Additional Documentation: The NIST Privacy Framework group has published new documents to complement the Privacy Framework Draft document. The NIST Privacy Framework Discussion Draft Core (Excel) spreadsheet facilitates an organization’s consideration of the elements of the framework. The Comparison of Privacy Framework and Cybersecurity Framework Cores (PDF) presents a side-by-side view of each framework’s corresponding elements for review. Each document furthe... read more.

  • May 30, 2019

By Nancy Rand, Posted in Security

The NIST Privacy Framework discussion draft has been published. This document incorporates the outlines and stakeholder input received to date. https://www.nist.gov/sites/default/files/documents/2019/04/30/nist-privacy-framework-discussion-draft.pdf  The Drafting the NIST Privacy Framework: Workshop #2 will be held on May 13-14, 2019, at the Georgia Tech Scheller College of Business in Atlanta, Georgia. Feedback is also welcome via email at privacyframework@nist.gov (which will not be posted online).... read more.

  • May 02, 2019

By Nancy Rand, Posted in Security

NIST Privacy Framework working drafts have been published for input. The Privacy Framework group has posted an outline of the NIST Privacy Framework, along with a summary analysis of the comments received on their Request for Information. The group developed the outline in response to what was heard from stakeholders, and are looking forward to feedback. A comments spreadsheet has also been posted. A list of standards guidance referenced is available. The NIST Privacy Framework Group is hosting a live webi... read more.

  • March 01, 2019

By Nancy Rand, Posted in Security

NIST held their first privacy framework workshop on 10/16/18 in Austin, Texas. Representatives of NIST and private industry discussed the development of a privacy framework and plan to leverage the process used to develop the NIST Cybersecurity Framework. This will include workshops and sessions throughout the US to gather information. https://www.nist.gov/news-events/events/2018/10/kicking-nist-privacy-framework-workshop-1 The three-hour event was recorded for additional viewing and can be fou... read more.

  • December 20, 2018

By Nancy Rand, Posted in Security

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced on September 4, 2018, that it has started a collaborative project to develop a voluntary privacy framework. The framework design for the enterprise will complement the NIST Cybersecurity Framework. At the same time, NIST will be developing a legal and policy approach for the US “…for consumer privacy in coordination with the department’s International Trade Administration to ensure consi... read more.

  • October 01, 2018

By Nancy Rand, Posted in Security

On May 17, 2018, the PCI DSS council published an updated standard. The updated standards document and summary of changes document are available at https://www.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss. This update consists of clarification statements to remove references to effective dates and Secure Sockets Layer (SSL)/early Transport Layer Security (TLS) migration deadlines that have passed. No new requirements are added in PCI DSS v3.2.1. PCI DSS v3.2 remains valid th... read more.

  • June 28, 2018

By Nancy Rand, Posted in Security

From Dark Reading on 1/24/18: Intel provided another update on advice for patching: https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/

From Dark Reading on 1/23/18: Intel Says to Stop Applying Problematic Spectre, Meltdown Patch: Cause of reboot problems with its Broadwell and Haswell microprocessor patching now identified, the chipmaker said. Intel is now advising its customers and partners to halt the installation of patches for its Bro... read more.

  • January 24, 2018

By Nancy Rand, Posted in Security

The National Institute of Standards and Technology (NIST) finalized its Digital Identity Guidelines in December 2017 and published the following four documents: NIST Special Publication 800-63-3, Digital Identity Guidelines: Presents an executive summary of the series along with a glossary. NIST Special Publication 800-63A, Digital Identity Guidelines, Enrollment and Identity Proofing: Provides requirements for enrollment and identity proofing of applicants for access to resources at each Identity Assuran... read more.

  • January 12, 2018