Author: Thelma A. Allen

A new publication from the National Institute of Standards and Technology (NIST) provides companies, government agencies, and other organizations with a set of practices that any organization can use to manage growing cybersecurity risks associated wit…

Read More NIST Shares Key Practices in Cyber Supply Chain Risk Management Based on Observations from Industry

NIST announces the release of the final NISTIR 8323, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. NIST has also prepared a PNT Profile Quick Guide for thos…

Read More Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation and Timing Services–NISTIR 8323

Also see: NIST Offers Tools to Help Defend Against State-Sponsored Hackers

NIST Special Publication (SP) 800-172 provides federal agencies with a set of enhanced security requirements for protecting the confidentiality, integrity, and availability of co…

Read More NIST Releases SP 800-172, “Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171”

Deployment architecture in cloud-native applications now consists of loosely coupled components (microservices), with all application services provided through a dedicated infrastructure (service mesh) independent of the application code. Two critical …

Read More Attribute-based Access Control for Microservices-based Applications Using a Service Mesh: Draft SP 800-204B is Available for Comment

Organizations frequently share information through various information exchange channels based on mission and business needs. In order to protect the confidentiality, integrity, and availability of exchanged information commensurate with risk, the info…

Read More Managing the Security of Information Exchanges: Draft NIST SP 800-47 Revision 1 Available for Comment

New and updated supplemental materials for NIST Special Publication (SP) 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations, and NIST SP 800-53B, Control Baselines for Information Systems and Organizations, are …

Read More NIST Releases Supplemental Materials for SP 800-53 and SP 800-53B: Control Catalog and Control Baselines in Spreadsheet Format

NIST’s Cybersecurity for the Internet of Things program has published a summary report—NISTIR 8322—for the July 2020 workshop on the creation of a Federal profile of IoT device cybersecurity requirements. The workshop provided the opportunity to discus…

Read More NIST publishes NISTIR 8322: Workshop Summary Report for “Building the Federal Profile for IoT Device Cybersecurity” Virtual Workshop

New supplemental materials for NIST Special Publication (SP) 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organizations, are available for download to support the December 10, 2020 errata release of SP 800-53 and SP 800-…

Read More NIST Releases Supplemental Materials for SP 800-53: Analysis of Changes Between Revisions 4 and 5, and Control Mappings

NIST requests comments on Draft Federal Information Processing Standard (FIPS) 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors. This Standard defines common credentials and authentication mechanisms offering varying deg…

Read More Draft FIPS 201-3 and Workshop: Personal Identity Verification (PIV) of Federal Employees and Contractors