A new publication from the National Institute of Standards and Technology (NIST) provides companies, government agencies, and other organizations with a set of practices that any organization can use to manage growing cybersecurity risks associated wit…
Read More NIST Shares Key Practices in Cyber Supply Chain Risk Management Based on Observations from IndustryNIST announces the release of the final NISTIR 8323, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. NIST has also prepared a PNT Profile Quick Guide for thos…
Read More Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation and Timing Services–NISTIR 8323Traditional data and operations management across organizations and on the web can involve inefficient transaction reconciliation between siloed databases, password fatigue, and single points of failure. These often result in concerns over interoperabi…
Read More NIST Publishes NISTIR 8301: Blockchain Networks—Token Design and Management OverviewNIST announces the release of Draft NISTIR 8344, Ontology for Authentication, for public comment. This draft document is the result of an effort to define authentication by examining mechanisms used to prove position or membership; analyzing existing m…
Read More Ontology for Authentication: Draft NISTIR 8344 is Available for CommentAlso see NIST Offers Tools to Help Defend Against State-Sponsored Hackers NIST Special Publication (SP) 800-172 provides federal agencies with a set of enhanced security requirements for protecting the confidentiality, integrity, and availability of co…
Read More NIST Releases SP 800-172, “Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171”NIST’s National Cybersecurity Center of Excellence (NCCoE) has posted for comment a Preliminary Draft—the first of three volumes of an upcoming practice guide on 5G cybersecurity (Prelim. Draft SP 1800-33A). This practice guide can benefit organization…
Read More 5G Cybersecurity: Preliminary Draft of NIST Cybersecurity Practice Guide SP 1800-33ANIST’s Artificial Intelligence (AI) team is taking advantage of insights from a member of the 2021 class of Presidential Innovation Fellows (PIF), now deployed throughout the federal government to co-create bold solutions for public good. Natasha Bansg…
Read More Presidential Innovation Fellow Joins NIST’s AI TeamDeployment architecture in cloud-native applications now consists of loosely coupled components (microservices), with all application services provided through a dedicated infrastructure (service mesh) independent of the application code. Two critical …
Read More Attribute-based Access Control for Microservices-based Applications Using a Service Mesh: Draft SP 800-204B is Available for CommentOrganizations frequently share information through various information exchange channels based on mission and business needs. In order to protect the confidentiality, integrity, and availability of exchanged information commensurate with risk, the info…
Read More Managing the Security of Information Exchanges: Draft NIST SP 800-47 Revision 1 Available for CommentNew and updated supplemental materials for NIST Special Publication (SP) 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations, and NIST SP 800-53B, Control Baselines for Information Systems and Organizations, are …
Read More NIST Releases Supplemental Materials for SP 800-53 and SP 800-53B: Control Catalog and Control Baselines in Spreadsheet FormatOn January 13, 2021, 41 ITL staff members were honored for their exceptional accomplishments during the 2020 NIST Awards Ceremony. The following ITL staff received awards: Gold Medal For the first demonstration of quantum gate teleportation with trappe…
Read More ITL Staff Recognized at 48th Annual NIST Awards CeremonyNIST’s Cybersecurity for the Internet of Things program has published a summary report—NISTIR 8322—for the July 2020 workshop on the creation of a Federal profile of IoT device cybersecurity requirements. The workshop provided the opportunity to discus…
Read More NIST publishes NISTIR 8322: Workshop Summary Report for “Building the Federal Profile for IoT Device Cybersecurity” Virtual Workshop[Intended audience: CNAs (CVE Numbering Authorities), Authorized Data Publishers] NIST announces the publication of NISTIR 8246, Collaborative Vulnerability Metadata Acceptance Process (CVMAP) for CVE Numbering Authorities (CNAs) and Authorized Data Pu…
Read More CVMAP for CVE Numbering Authorities (CNAs) and Authorized Data Publishers: NISTIR 8246New supplemental materials for NIST Special Publication (SP) 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organizations, are available for download to support the December 10, 2020 errata release of SP 800-53 and SP 800-…
Read More NIST Releases Supplemental Materials for SP 800-53: Analysis of Changes Between Revisions 4 and 5, and Control MappingsNIST requests comments on Draft Federal Information Processing Standard (FIPS) 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors. This Standard defines common credentials and authentication mechanisms offering varying deg…
Read More Draft FIPS 201-3 and Workshop: Personal Identity Verification (PIV) of Federal Employees and ContractorsNIST Special Publication (SP) 800-53B, Control Baselines for Information Systems and Organizations, provides security and privacy control baselines for the Federal Government. SP 800-53B is a companion publication to SP 800-53, Revision 5, Security and…
Read More Control Baselines for Information Systems and Organizations: NIST Publishes SP 800-53BStorage infrastructure—along with compute (encompassing OS and host hardware) and network infrastructures—is one of the three fundamental pillars of Information Technology (IT). However, compared to its counterparts, it has received relatively limited …
Read More Security Guidelines for Storage Infrastructure: NIST SP 800-209Today, NIST is publishing NIST Technical Note (TN) 2111, An Empirical Study on Flow-based Botnet Attacks Prediction. In the era of the Internet of Things, botnet threats are rising, which has prompted many studies on botnet detection and measurement. I…
Read More An Empirical Study on Flow-based Botnet Attacks Prediction: NIST Technical Note 2111