Security News

NIST selects four encryption algorithms to thwart future quantum computer attacks
2022-07-06 19:13

The Department of Commerce's National Institute of Standards and Technology has chosen four encryption algorithms that are designed to withstand the hacking of a future quantum computer and protect digital information. NIST said all four of the algorithms were created by experts collaborating from multiple countries and institutions.

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms
2022-07-06 16:49

NIST's post-quantum computing cryptography standard process is entering its final phases. For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm.

NIST selects 4 quantum-resistant encryption algorithms
2022-07-06 07:26

The four selected encryption algorithms will become part of NIST's post-quantum cryptographic standard, expected to be finalized in about two years. To counter this threat, the four quantum-resistant algorithms rely on math problems that both conventional and quantum computers should have difficulty solving, thereby defending privacy both now and down the road. The quantum-resistant encryption algorithms are designed for two main tasks for which encryption is typically used: general encryption, used to protect information exchanged across a public network; and digital signatures, used for identity authentication.

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
2022-06-25 03:30

Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management Framework - a U.S. government guideline for taking care of data. The NIST Cybersecurity & Risk Management Frameworks Course helps you understand this topic, with over 21 hours of video instruction.

On the Subversion of NIST by the NSA
2022-06-23 11:05

Abstract: In recent decades, the U.S. National Institute of Standards and Technology, which develops cryptographic standards for non-national security agencies of the U.S. government, has emerged as the de facto international source for cryptographic standards. Edward Snowden disclosed that the National Security Agency had subverted the integrity of a NIST cryptographic standard­the Dual EC DRBG­enabling easy decryption of supposedly secured communications.

Aligning Your Password Policy enforcement with NIST Guidelines
2022-05-31 14:06

Even if an organization has already brought its password policy in line with NIST's recommendations, it is a good idea to periodically revisit those recommendations since they do change over time. Not surprisingly, NIST no longer recommends scheduled password changes.

The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms
2022-05-16 11:34

The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. The agency's mathematicians worked with NIST to support the process, trying to crack the algorithms in order to test their merit.

NIST updates guidance for cybersecurity supply chain risk management
2022-05-06 10:02

The National Institute of Standards and Technology has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain. "The guidance helps organizations build cybersecurity supply chain risk considerations and requirements into their acquisition processes and highlights the importance of monitoring for risks. Because cybersecurity risks can arise at any point in the life cycle or any link in the supply chain, the guidance now considers potential vulnerabilities such as the sources of code within a product, for example, or retailers that carry it," NIST notes.

NIST updates guidance for defending against supply-chain attacks
2022-05-05 18:15

The National Institute of Standards and Technology has released updated guidance on securing the supply chain against cyberattacks. Since 2020, NIST has released two draft documents on how the enterprise can better defend itself from supply-chain attacks.

NIST Releases Updated Cybersecurity Guidance for Managing Supply Chain Risks
2022-05-05 07:21

The National Institute of Standards and Technology on Thursday released an updated cybersecurity guidance for managing risks in the supply chain, as it increasingly emerges as a lucrative attack vector. The new directive outlines major security controls and practices that entities should adopt to identify, assess, and respond to risks at different stages of the supply chain, including the possibility of malicious functionality, flaws in third-party software, insertion of counterfeit hardware, and poor manufacturing and development practices.