Author: Thelma A. Allen

More than ever, organizations are concerned about the risks associated with products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the cy…

Read More: Comments Sought on Updates to Cyber Supply Chain Risk Management Practices for Systems and Organizations (Draft NIST SP 800-161, Revision 1)

The National Cybersecurity Center of Excellence (NCCoE) has released the final version of the NIST Cybersecurity White Paper, Getting Ready for Post-Quantum Cryptography: Exploring Challenges Associated with Adopting and Using Post-Quantum Cryptographi…

Read More: Challenges with Adopting Post-Quantum Cryptographic Algorithms: Final Version of Cybersecurity White Paper Published

The protection of controlled unclassified information (CUI) in nonfederal systems and organizations—especially CUI associated with a critical program or high value asset—is important to federal agencies and can directly impact the ability of the Federa…

Read More: Assessing Enhanced Security Requirements for Controlled Unclassified Information: Draft NIST SP 800-172A Available for Comment

Digital twin technology is an emerging area of research and standardization. Because of this, there may be a lack of clarity as to what is new with digital twins and what promise this technology holds. Draft NISTIR 8356, Considerations for Digital Twin…

Read More: Considerations for Digital Twin Technology and Emerging Standards: Draft NISTIR 8356 Available for Comment

Information security continuous monitoring (ISCM) programs provide an understanding of risk tolerance and help officials set priorities and consistently manage information security risk throughout the organization. NISTIR 8212, An Information Security …

Read More: NIST Releases an Example Implementation Tool for NISTIR 8212: An Information Security Continuous Monitoring Program Assessment

A new publication from the National Institute of Standards and Technology (NIST) provides companies, government agencies, and other organizations with a set of practices that any organization can use to manage growing cybersecurity risks associated wit…

Read More: NIST Shares Key Practices in Cyber Supply Chain Risk Management Based on Observations from Industry

NIST announces the release of the final NISTIR 8323, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. NIST has also prepared a PNT Profile Quick Guide for thos…

Read More: Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation and Timing Services–NISTIR 8323

Also see: NIST Offers Tools to Help Defend Against State-Sponsored Hackers. NIST Special Publication (SP) 800-172 provides federal agencies with a set of enhanced security requirements for protecting the confidentiality, integrity, and availability of co…

Read More: NIST Releases SP 800-172, “Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171”

Deployment architecture in cloud-native applications now consists of loosely coupled components (microservices), with all application services provided through a dedicated infrastructure (service mesh) independent of the application code. Two critical …

Read More: Attribute-based Access Control for Microservices-based Applications Using a Service Mesh: Draft SP 800-204B is Available for Comment

New and updated supplemental materials for NIST Special Publication (SP) 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations, and NIST SP 800-53B, Control Baselines for Information Systems and Organizations, are …

Read More: NIST Releases Supplemental Materials for SP 800-53 and SP 800-53B: Control Catalog and Control Baselines in Spreadsheet Format

Organizations frequently share information through various information exchange channels based on mission and business needs. In order to protect the confidentiality, integrity, and availability of exchanged information commensurate with risk, the info…

Read More: Managing the Security of Information Exchanges: Draft NIST SP 800-47 Revision 1 Available for Comment

NIST’s Cybersecurity for the Internet of Things program has published a summary report—NISTIR 8322—for the July 2020 workshop on the creation of a Federal profile of IoT device cybersecurity requirements. The workshop provided the opportunity to discus…

Read More: NIST publishes NISTIR 8322: Workshop Summary Report for “Building the Federal Profile for IoT Device Cybersecurity” Virtual Workshop

New supplemental materials for NIST Special Publication (SP) 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organizations, are available for download to support the December 10, 2020 errata release of SP 800-53 and SP 800-…

Read More: NIST Releases Supplemental Materials for SP 800-53: Analysis of Changes Between Revisions 4 and 5, and Control Mappings

NIST requests comments on Draft Federal Information Processing Standard (FIPS) 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors. This Standard defines common credentials and authentication mechanisms offering varying deg…

Read More: Draft FIPS 201-3 and Workshop: Personal Identity Verification (PIV) of Federal Employees and Contractors