Connecticut looks to NIST framework, CIS controls in bill offering liability protection

March 22, 2021

Inside Cybersecurity

Legislation in the Connecticut General Assembly would offer companies a legal safe harbor when they incorporate cyber best practices and use tools including the NIST cybersecurity framework and the CIS Controls, as state lawmakers look for ways to drive up security across their digital ecosystems.

The bill “would establish a legal safe harbor for organizations in Connecticut that voluntarily adopt certain recognized cybersecurity best practices like the CIS Controls and implement a written information security program,” Curtis Dukes, executive vice president and general manager for security best practices at the Center for Internet Security, testified last week before the Assembly’s Commerce Committee.