Security News

Vulnerable data includes the sensitive but unclassified information managed by government, industry and academia in support of various federal programs. Now, a finalized publication from NIST provides guidance to protect such controlled unclassified information from APTs.

This post will take a closer look at the NIST password guidelines and see how you can effectively audit your password policies to ensure these meet the standards recommended by NIST. NIST Password Guidelines and Best Practices. According to NIST recommended password guidelines, this policy would not align with the NIST standard.

The cybersecurity challenges of securing PACS. Medical imaging is a critical component in providing patient care and PACS is where these images and accompanying clinical information are stored and delivered from when needed. PACS is part of a highly complex healthcare delivery organization environment that includes back-office systems, electronic health record systems, pharmacy and laboratory systems, an array of electronic medical devices, and often cloud storage for medical images.

NIST has launched a crowdsourcing challenge to spur new methods to ensure that important public safety data sets can be de-identified to protect individual privacy. The Differential Privacy Temporal Map Challenge includes a series of contests that will award a total of up to $276,000 for differential privacy solutions for complex data sets that include information on both time and location.

The National Institute of Standards and Technology has published a cybersecurity practice guide enterprises can use to recover from data integrity attacks, i.e., destructive malware and ransomware attacks, malicious insider activity or simply mistakes by employees that have resulted in the modification or destruction of company data. Special Publication 1800-11, Data Integrity: Recovering from Ransomware and Other Destructive Events can help organizations to develop a strategy for recovering from an attack affecting data integrity, recover from such an event while maintaining operations, and manage enterprise risk.

Only 44% of healthcare providers, including hospital and health systems, conformed to protocols outlined by the NIST CSF - with scores in some cases trending backwards since 2017, CynergisTek reveals. The report also found that healthcare supply chain security is one of the lowest ranked areas for NIST CSF conformance.

Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria.

This "Selection round" will help the agency decide on the small subset of these algorithms that will form the core of the first post-quantum cryptography standard. "At the end of this round, we will choose some algorithms and standardize them," said NIST mathematician Dustin Moody.

NIST has now begun the third round of public review. This "Selection round" will help the agency decide on the small subset of these algorithms that will form the core of the first post-quantum cryptography standard.

The National Institute for Standards and Technology has published the draft version of SP 800-53: Security and Privacy Controls for Information Systems and Organizations. The publication provides a catalog of security and privacy controls that will help protect organizational operations and assets.