A new blog post from the Federal Trade Commission provides guidance to businesses on how the cybersecurity framework created by the National Institute for Standards and Technology (NIST) aligns with the FTC’s data security program.
The post outlines the key elements of the NIST framework and how it relates to the FTC’s long-standing approach to data security. It notes that the framework is not a checklist, but rather a method by which a company can identify risks and adjust its security efforts accordingly to ensure they are as effective as possible, which is consistent with the FTC’s focus on reasonable data security.
The blog also highlights various FTC enforcement cases in which the security problems alleged in the complaint mirror concerns addressed in the NIST framework. The blog post concludes that applying both the risk management approach presented by the framework and the FTC’s Start with Security guidance will lead to businesses providing more robust protections for consumers’ data.
The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.
Office of Public Affairs
Division of Privacy and Identity Protection