x
Limited Time Offer: Save up to 20% on a new CIS SecureSuite Membership | Learn more
×
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Why CIS

Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world



About Us Leadership Principles Testimonials

Solutions

secure your organization
Secure Your Organization


secure specific platforms
Secure Specific Platforms


cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments


View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities



CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers

Resources

resources
Resources


learn
Learn


filter by topic
Filter by Topic


View All Resources  
CIS Logo Show Search Expand Menu

States enact safe harbor laws against cyberattacks, but demand adoption of cybersecurity frameworks

March 29, 2021

CSO Online

While sophisticated ransomware and nation-state threat actors target US critical infrastructure, the only protection most organizations have against these attacks is tight and effective cybersecurity. These attacks have drawn government attention and sparked calls for liability protection against malicious intrusions. If organizations want this protection, however, lawmakers say they need to step up their game to implement better cybersecurity practices.
Against the backdrop of this heightened federal-level focus, a number of states have quietly moved forward with their own liability exemption measures that seek to boost best cybersecurity practices. These states have enacted laws that incentivize the adoption of robust and thorough industry-leading cybersecurity frameworks and recommendations such as the National Institute of Standards and Technology’s [NIST] Cybersecurity Framework or the Center for Internet Security’s (CIS) Critical Security Controls by making them requirements for obtaining liability protections.