The NIST Post-Quantum Cryptography Standardization Process has entered the third phase, in which 7 third round finalists and eight alternate candidates are being considered for standardization. NIST plans to hold a third NIST PQC Standardization Confer…
Read More Third PQC Standardization ConferenceNIST is planning to update NIST Special Publication (SP) 800-66, Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”). NIST’s cybersecurity resource…
Read More Implementing the HIPAA Security Rule: Call for Comments on SP 800-66, Revision 1More than ever, organizations are concerned about the risks associated with products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the cy…
Read More Comments Sought on Updates to Cyber Supply Chain Risk Management Practices for Systems and Organizations (Draft NIST SP 800-161, Revision 1)The National Cybersecurity Center of Excellence (NCCoE) has released the final version of the NIST Cybersecurity White Paper, Getting Ready for Post-Quantum Cryptography: Exploring Challenges Associated with Adopting and Using Post-Quantum Cryptographi…
Read More Challenges with Adopting Post-Quantum Cryptographic Algorithms: Final Version of Cybersecurity White Paper PublishedThe protection of controlled unclassified information (CUI) in nonfederal systems and organizations—especially CUI associated with a critical program or high value asset—is important to federal agencies and can directly impact the ability of the Federa…
Read More Assessing Enhanced Security Requirements for Controlled Unclassified Information: Draft NIST SP 800-172A Available for CommentDigital twin technology is an emerging area of research and standardization. Because of this, there may be a lack of clarity as to what is new with digital twins and what promise this technology holds. Draft NISTIR 8356, Considerations for Digital Twin…
Read More Considerations for Digital Twin Technology and Emerging Standards: Draft NISTIR 8356 Available for CommentInformation security continuous monitoring (ISCM) programs provide an understanding of risk tolerance and help officials set priorities and consistently manage information security risk throughout the organization. NISTIR 8212, An Information Security …
Read More NIST Releases an Example Implementation Tool for NISTIR 8212: An Information Security Continuous Monitoring Program AssessmentIn recent years criminals and other attackers have compromised the networks of several major hospitality companies, exposing the information of hundreds of millions of guests. A hotel property management system (PMS) is a prime target for attackers – i…
Read More Securing Property Management Systems: Cybersecurity Practice Guide SP 1800-27To help secure our elections, NIST has released Draft NISTIR 8310, Cybersecurity Framework Election Infrastructure Profile. This Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to election…
Read More Cybersecurity Framework Election Infrastructure Profile: Draft NISTIR 8310 Available for CommentA new publication from the National Institute of Standards and Technology (NIST) provides companies, government agencies, and other organizations with a set of practices that any organization can use to manage growing cybersecurity risks associated wit…
Read More NIST Shares Key Practices in Cyber Supply Chain Risk Management Based on Observations from IndustryNIST announces the release of the final NISTIR 8323, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. NIST has also prepared a PNT Profile Quick Guide for thos…
Read More Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation and Timing Services–NISTIR 8323Traditional data and operations management across organizations and on the web can involve inefficient transaction reconciliation between siloed databases, password fatigue, and single points of failure. These often result in concerns over interoperabi…
Read More NIST Publishes NISTIR 8301: Blockchain Networks—Token Design and Management OverviewNIST announces the release of Draft NISTIR 8344, Ontology for Authentication, for public comment. This draft document is the result of an effort to define authentication by examining mechanisms used to prove position or membership; analyzing existing m…
Read More Ontology for Authentication: Draft NISTIR 8344 is Available for CommentAlso see NIST Offers Tools to Help Defend Against State-Sponsored Hackers NIST Special Publication (SP) 800-172 provides federal agencies with a set of enhanced security requirements for protecting the confidentiality, integrity, and availability of co…
Read More NIST Releases SP 800-172, “Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171”NIST’s National Cybersecurity Center of Excellence (NCCoE) has posted for comment a Preliminary Draft—the first of three volumes of an upcoming practice guide on 5G cybersecurity (Prelim. Draft SP 1800-33A). This practice guide can benefit organization…
Read More 5G Cybersecurity: Preliminary Draft of NIST Cybersecurity Practice Guide SP 1800-33ANIST’s Artificial Intelligence (AI) team is taking advantage of insights from a member of the 2021 class of Presidential Innovation Fellows (PIF), now deployed throughout the federal government to co-create bold solutions for public good. Natasha Bansg…
Read More Presidential Innovation Fellow Joins NIST’s AI TeamDeployment architecture in cloud-native applications now consists of loosely coupled components (microservices), with all application services provided through a dedicated infrastructure (service mesh) independent of the application code. Two critical …
Read More Attribute-based Access Control for Microservices-based Applications Using a Service Mesh: Draft SP 800-204B is Available for CommentNew and updated supplemental materials for NIST Special Publication (SP) 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations, and NIST SP 800-53B, Control Baselines for Information Systems and Organizations, are …
Read More NIST Releases Supplemental Materials for SP 800-53 and SP 800-53B: Control Catalog and Control Baselines in Spreadsheet FormatOrganizations frequently share information through various information exchange channels based on mission and business needs. In order to protect the confidentiality, integrity, and availability of exchanged information commensurate with risk, the info…
Read More Managing the Security of Information Exchanges: Draft NIST SP 800-47 Revision 1 Available for CommentOn January 13, 2021, 41 ITL staff members were honored for their exceptional accomplishments during the 2020 NIST Awards Ceremony. The following ITL staff received awards: Gold Medal For the first demonstration of quantum gate teleportation with trappe…
Read More ITL Staff Recognized at 48th Annual NIST Awards CeremonyNIST’s Cybersecurity for the Internet of Things program has published a summary report—NISTIR 8322—for the July 2020 workshop on the creation of a Federal profile of IoT device cybersecurity requirements. The workshop provided the opportunity to discus…
Read More NIST publishes NISTIR 8322: Workshop Summary Report for “Building the Federal Profile for IoT Device Cybersecurity” Virtual Workshop[Intended audience: CNAs (CVE Numbering Authorities), Authorized Data Publishers] NIST announces the publication of NISTIR 8246, Collaborative Vulnerability Metadata Acceptance Process (CVMAP) for CVE Numbering Authorities (CNAs) and Authorized Data Pu…
Read More CVMAP for CVE Numbering Authorities (CNAs) and Authorized Data Publishers: NISTIR 8246New supplemental materials for NIST Special Publication (SP) 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organizations, are available for download to support the December 10, 2020 errata release of SP 800-53 and SP 800-…
Read More NIST Releases Supplemental Materials for SP 800-53: Analysis of Changes Between Revisions 4 and 5, and Control MappingsNIST requests comments on Draft Federal Information Processing Standard (FIPS) 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors. This Standard defines common credentials and authentication mechanisms offering varying deg…
Read More Draft FIPS 201-3 and Workshop: Personal Identity Verification (PIV) of Federal Employees and ContractorsNIST Special Publication (SP) 800-53B, Control Baselines for Information Systems and Organizations, provides security and privacy control baselines for the Federal Government. SP 800-53B is a companion publication to SP 800-53, Revision 5, Security and…
Read More Control Baselines for Information Systems and Organizations: NIST Publishes SP 800-53BStorage infrastructure—along with compute (encompassing OS and host hardware) and network infrastructures—is one of the three fundamental pillars of Information Technology (IT). However, compared to its counterparts, it has received relatively limited …
Read More Security Guidelines for Storage Infrastructure: NIST SP 800-209Today, NIST is publishing NIST Technical Note (TN) 2111, An Empirical Study on Flow-based Botnet Attacks Prediction. In the era of the Internet of Things, botnet threats are rising, which has prompted many studies on botnet detection and measurement. I…
Read More An Empirical Study on Flow-based Botnet Attacks Prediction: NIST Technical Note 2111