Security News

NIST and HIPAA: Is There a Password Connection?
2021-04-08 05:47

While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Notably, an admin complying with NIST standards might define necessary password policies to enforce minimum length and leaked password filtering requirements.

NIST Cybersecurity Framework: A cheat sheet for professionals
2021-03-05 15:30

TechRepublic's cheat sheet about the National Institute of Standards and Technology's Cybersecurity Framework is a quick introduction to this new government-recommended best practice, as well as a "living" guide that will be updated periodically to reflect changes to the NIST's documentation. What is the NIST Cybersecurity Framework? The NIST CSF is a set of optional standards, best practices, and recommendations for improving cybersecurity and risk management at the organizational level.

NIST provides guidance to protect controlled unclassified information
2021-02-04 04:30

Vulnerable data includes the sensitive but unclassified information managed by government, industry and academia in support of various federal programs. Now, a finalized publication from NIST provides guidance to protect such controlled unclassified information from APTs.

How Does Your AD Password Policy Compare to NIST's Password Recommendations?
2021-01-07 23:02

This post will take a closer look at the NIST password guidelines and see how you can effectively audit your password policies to ensure they meet the standards recommended by NIST. NIST Password Guidelines and Best Practices. According to NIST recommended password guidelines, this policy would not align with the NIST standard.

New NIST guide helps healthcare orgs securely deploy PACS
2020-12-23 04:30

The cybersecurity challenges of securing PACS. Medical imaging is a critical component in providing patient care and PACS is where these images and accompanying clinical information are stored and delivered from when needed. PACS is part of a highly complex healthcare delivery organization environment that includes back-office systems, electronic health record systems, pharmacy and laboratory systems, an array of electronic medical devices, and often cloud storage for medical images.

NIST crowdsourcing challenge aims to de-identify public data sets to protect individual privacy
2020-10-05 02:45

NIST has launched a crowdsourcing challenge to spur new methods to ensure that important public safety data sets can be de-identified to protect individual privacy. The Differential Privacy Temporal Map Challenge includes a series of contests that will award a total of up to $276,000 for differential privacy solutions for complex data sets that include information on both time and location.

NIST guide to help orgs recover from ransomware, other data integrity attacks
2020-09-24 04:30

The National Institute of Standards and Technology has published a cybersecurity practice guide enterprises can use to recover from data integrity attacks, i.e., destructive malware and ransomware attacks, malicious insider activity or simply mistakes by employees that have resulted in the modification or destruction of company data. Special Publication 1800-11, Data Integrity: Recovering from Ransomware and Other Destructive Events can help organizations to develop a strategy for recovering from an attack affecting data integrity, recover from such an event while maintaining operations, and manage enterprise risk.

Only 44% of healthcare providers conform to protocols outlined by the NIST CSF
2020-09-22 04:00

Only 44% of healthcare providers, including hospital and health systems, conformed to protocols outlined by the NIST CSF - with scores in some cases trending backwards since 2017, CynergisTek reveals. The report also found that healthcare supply chain security is one of the lowest ranked areas for NIST CSF conformance.

More on NIST’s Post-Quantum Cryptography
2020-09-08 06:12

Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria.

NIST selects algorithms to form a post-quantum cryptography standard
2020-07-28 03:00

This "Selection round" will help the agency decide on the small subset of these algorithms that will form the core of the first post-quantum cryptography standard. "At the end of this round, we will choose some algorithms and standardize them," said NIST mathematician Dustin Moody.