Security News

NIST has expanded the CSF's core guidance and developed related resources to help users get the most out of the framework."The NIST CSF 2.0 update significantly impacts the security of software supply chains, addressing the integration of open source, commercial components, in-house developed software, and Commercial Off-The-Shelf products. NIST CSF 2.0 could be a key instrument for helping CISOs better define and build up controls that will improve security outcomes, providing direction to address critical asset protection, reduce or eliminate risk of material impact, and prevent any breach of duty for failing to adhere to regulatory and compliance regulations," Saša Zdjelar, Chief Trust Officer at ReversingLabs, told Help Net Security.

The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of...

The National Institute of Standards and Technology established the AI Safety Institute on Feb. 7 to determine guidelines and standards for AI measurement and policy.An interesting omission on the list of U.S. AI Safety Institute members is the Future of Life Institute, a global nonprofit with investors including Elon Musk, established to prevent AI from contributing to "Extreme large-scale risks" such as global war.

NIST CSF is based on existing standards, guidelines, and practices for organizations to manage and reduce cybersecurity risk better. It was designed to foster risk and cybersecurity management communications amongst internal and external organizational stakeholders.

The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence...

The NIST elliptic curves that power much of modern cryptography were generated in the late '90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in early 2023 leaving behind a cryptographic mystery, some conspiracy theories, and an historical password cracking challenge. So there's a $12K prize to recover the hash seeds.

A bounty of $12,288 has been announced for the first person to crack the NIST elliptic curves seeds and discover the original phrases that were hashed to generate them. In Elliptic Curve Cryptography, seeds are values or sets of values used as the initial input for an encryption algorithm or process to produce cryptographic keys.

Enterprise application environments consist of geographically distributed and loosely coupled microservices that span multiple cloud and on-premises environments. Users from different locations access them through different devices.

The National Institute of Standards and Technology released a discussion draft for possible Cybersecurity Framework changes earlier this year. The proposed changes aim to help increase the CSF's clarity and bring the updated version closer to national and international cybersecurity standards and practices.

"NIST has release a draft of Special Publication1800-38A: Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography." It's only four pages long, and it doesn't have a lot of detail-more "Volumes" are coming, with more information-but it's well worth reading. We are going to need to migrate to quantum-resistant public-key algorithms, and the sooner we implement key agility the easier it will be to do so.