ONCD considers use of ‘tiered’ regulation as part of regulatory harmonization framework

The Office of the National Cyber Director raises the prospect of using a “tiered model” based on risk to develop cyber regulations across multiple sectors, in a new request for information.

“Different levels of risk across and within sectors may in part be addressed through a tiered model (e.g., low, moderate, or high risk), potentially assisting in tailoring baseline requirements for each regulatory purpose. Tiering may also help smaller businesses meet requirements commensurate with their risk,” the request for...