Hacker News

Anything is admissible in court, the judge merely has to allow it.

There are 1000s of such organizations, and many conflict with each other.

My point is, it's inaccurate to say you are liable for not following NIST. I could easily say you could be liable for not following me.

Does that make it so? No.



NIST SP 800-63B is informative, not normative. It codifies existing industry-standard best practice, but is not in itself law. However, not following best practices may be argued as negligence if it leads to a breach or decrease in shareholder value.



