ANSI shines a spotlight on Standards in action as they support safety, efficiency and well-being in interesting aspects of everyday life.
From strong email passwords to malware prevention: Cybersecurity Awareness Month is an opportunity to recognize how to safeguard numerous types cyber connections, from our personal home computers to large industrial networks. Held every October since 2004, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead the initiative as part of a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally.
Recently, President Biden issued a proclamation on Cybersecurity Awareness Month, noting that cybersecurity is not limited to government or critical infrastructure. “Cybersecurity is about protecting the American people and the services we rely on,” he said. “This month, I encourage all Americans to increase their cybersecurity at home, at work, and in schools by taking steps such as enabling multi-factor authentication, using a trusted password manager and strong passwords, recognizing and reporting phishing, and updating their software regularly.”
Throughout the month, CISA and NCA will promote actionable steps for everyone to take to remain cybersafe, aligned with the “See Yourself in Cyber” theme:
Various standards support cybersecurity awareness month, including CSA/ANSI T200-2022, Evaluation of software development and cybersecurity programs, which supports effective executive business decisions that establish a comprehensive maturity model approach to cybersecurity. The standard describes a methodology for assessing the product software and cybersecurity control maturity of an organization. The American National Standard (ANS) is applicable to all IoT and related products/solutions. It was published by CSA Group, an ANSI member and accredited standards developer.
Another standard, published by UL Standards & Engagement (ULSE) UL 2900-2-3 Ed. 1-2020, Standard for Software Cybersecurity for Network-Connectable Products, Part 2-3, is a security evaluation standard that applies to the evaluation of security and life safety signaling system components. It applies to, but is not limited to, various following products, including alarm control units, network-based intrusion detection systems, general purpose signaling units, and digital video equipment and systems, among others. UL Standards & Engagement is an ANSI member and audited designator.
The National Institute of Standards and Technology (NIST) is also leading efforts to strengthen cybersecurity. In a recent White House statement, the Biden administration recognized NIST’s four new encryption algorithms that will become part of NIST’s post-quantum cryptographic standard, which are expected to be finalized in about two years. The algorithms are “the first group of encryption tools that are designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on every day, such as online banking and email software,” the White House statement noted.
In July 2022 NIST issued a request for comments on a recent draft publication that guides health care cybersecurity. “Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide (NIST Special Publication 800-66, Revision 2),” aims to help organizations comply with HIPAA, a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
Read more about Cybersecurity Awareness Month.
