The National Institute of Standards and Technology (“NIST”), an agency within the U.S. Department of Commerce, has produced a number of detailed standards for various aspects of information security. These standards outline baseline information security controls and represent best practices that assist organizations in identifying, protecting, responding to, and recovering from cybersecurity risks. Additionally, the Federal Trade Commission (“FTC”) has posted complaints, consent agreements, public statements, and business guidance brochures to provide guidance to companies about the FTC’s standards for reasonable and appropriate data security practices, in relation to the FTC’s Section 5 power to prohibit “unfair or deceptive acts or practices in or affecting commerce.”