Security News

Exploring NIST Cybersecurity Framework 2.0
2024-02-06 04:30

NIST CSF is based on existing standards, guidelines, and practices for organizations to manage and reduce cybersecurity risk better. It was designed to foster risk and cybersecurity management communications amongst internal and external organizational stakeholders.

NIST Warns of Security and Privacy Risks from Rapid AI System Deployment
2024-01-08 07:53

The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence...

Bounty to Recover NIST’s Elliptic Curve Seeds
2023-10-12 11:09

The NIST elliptic curves that power much of modern cryptography were generated in the late '90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in early 2023 leaving behind a cryptographic mystery, some conspiracy theories, and an historical password cracking challenge. So there's a $12K prize to recover the hash seeds.

Bounty offered for secret NSA seeds behind NIST elliptic curves algo
2023-10-07 14:12

A bounty of $12,288 has been announced for the first person to crack the NIST elliptic curves seeds and discover the original phrases that were hashed to generate them. In Elliptic Curve Cryptography, seeds are values or sets of values used as the initial input for an encryption algorithm or process to produce cryptographic keys.

Access control in cloud-native applications in multi-location environments (NIST SP 800-207)
2023-09-14 08:45

Enterprise application environments consist of geographically distributed and loosely coupled microservices that span multiple cloud and on-premises environments. Users from different locations access them through different devices.

How manufacturers can navigate cybersecurity regulations amid NIST 2.0
2023-08-14 04:30

The National Institute of Standards and Technology released a discussion draft for possible Cybersecurity Framework changes earlier this year. The proposed changes aim to help increase the CSF's clarity and bring the updated version closer to national and international cybersecurity standards and practices.

NIST Draft Document on Post-Quantum Cryptography Guidance
2023-05-02 14:10

"NIST has release a draft of Special Publication1800-38A: Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography." It's only four pages long, and it doesn't have a lot of detail-more "Volumes" are coming, with more information-but it's well worth reading. We are going to need to migrate to quantum-resistant public-key algorithms, and the sooner we implement key agility the easier it will be to do so.

How to Apply NIST Principles to SaaS in 2023
2023-03-13 12:23

While NIST hasn't directly developed standards related to securing the SaaS ecosystem, they are instrumental in the way we approach SaaS security. They need to integrate seamlessly with SaaS applications and provide coverage for the entire SaaS stack.

NIST chooses encryption algorithms for lightweight IoT devices
2023-02-09 11:42

ASCON is the name of the group of lightweight authenticated encryption and hashing algorithms that the U.S. National Institute of Standards and Technology has chosen to secure the data generated by Internet of Things devices: implanted medical devices, keyless entry fobs, "Smart home" devices, etc. Why are the ASCON encryption algorithms a good choice for IoT devices?

US NIST unveils winning encryption algorithm for IoT data protection
2023-02-08 19:45

The National Institute of Standards and Technology announced that ASCON is the winning bid for the "Lightweight cryptography" program to find the best algorithm to protect small IoT devices with limited hardware resources. The weak chips inside these devices call for an algorithm that can deliver robust encryption at very little computational power.