Connecticut looks to NIST framework, CIS controls in bill offering liability protection

Legislation in the Connecticut General Assembly would offer companies a legal safe harbor when they incorporate cyber best practices and use tools including the NIST cybersecurity framework and the CIS Controls, as state lawmakers look for ways to drive up security across their digital ecosystems.

The bill “would establish a legal safe harbor for organizations in Connecticut that voluntarily adopt certain recognized cybersecurity best practices like the CIS Controls and implement a written information security program,” Curtis Dukes, executive vice...