FTC Links Its Data Security Standards to NIST Cybersecurity Framework | Practical Law
The FTC has published guidance linking its reasonableness standard for data security to the voluntary National Institute of Standards and Technology (NIST) Cybersecurity Framework. The FTC emphasized that it has brought enforcement actions alleging lapses and entered into consent decrees with corresponding requirements in each of the Framework's core functions. The FTC urged companies to use the NIST Cybersecurity Framework as part of their risk-based data security programs.