NIS, NIST, GDPR, CE, DCMS, ICO, CA, NCSC?
You’re not alone. Below is a brief timeline which explains several of the key acronyms.
- 14 February 2017. The UK’s National Cyber Security Centre (NCSC) was officially opened by Her Majesty The Queen.
- 16 January 2018. The Department for Digital, Culture, Media and Sport (formerly DCMS) updated the Cyber Essentials (CE) scheme. Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security.
- 7 March 2018. The Department for Digital, Culture, Media and Sport and the NCSC released their ‘Secure by Design: Improving the cyber security of consumer Internet of Things’ report to support a rigorous Code of Practice.
- 17 April 2018. The US National Institute of Standards and Technology (NIST) released version 1.1 of its popular Cybersecurity Framework (CSF), otherwise known as the NIST CSF.
- 10 May 2018. The EU Network and Information Systems (NIS) Directive became law in the UK, placing legal obligations on Operators of Essential Services (OES) and Digital Service Providers (DSPs) to protect UK critical services by improving cyber security. This is led by the Department for Digital, Culture, Media and Sport and Competent Authorities (CAs). For example, the Information Commissioner’s Office (ICO) is the CA for Digital Service Providers (DSPs) and the Department for Transport is the CA for transport.
- 25 May 2018. The EU General Data Protection Regulation (GDPR) became law in the UK, replacing the Data Protection Act 1998 (DPA). This is led by the Department for Digital, Culture, Media and Sport and the Information Commissioner’s Office.
What these schemes and regulations have in common is the risk management of cyber security threats. For the UK, GDPR, NIS and CE are our foundational regulatory frameworks for cyber, and the evolving Internet of Things (IoT) code of practice may well set the scene for future secure-by-design regulation.