Tag: nist
-
How to use NIST and ISO frameworks to govern AI agents
Security leaders no longer need convincing that AI agents introduce risk. What’s missing is how to govern them once they move into production and begin operating autonomously … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/12/nist-iso-frameworks-govern-ai-agents/
-
Auditors Rip NIST Management of NVD Program
Auditors Accuse Agency of Mismanagement and Program Overlap. Management by the National Institute of Standards and Technology of a repository of vulnerability data came under sharp criticism from federal auditors who said the agency approached it with lack of strategic planning and decisive action. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/auditors-rip-nist-management-nvd-program-a-31848
-
Inspector general finds NIST mistakes have made vulnerability database ineffective
NIST’s National Vulnerability Database (NVD) backlog mushroomed from 13,000 unprocessed security vulnerabilities in February 2024 to more than 27,000 by the end of 2025, “undermining the NVD’s utility and public trust,” according to an inspector general report. First seen on therecord.media Jump to article: therecord.media/nist-mistakes-vulnerability-database-inspector-general
-
How NIST fumbled management of the National Vulnerability Database
A US federal watchdog has outlined how the National Institute of Standards and Technology (NIST) failed to effectively manage the growing backlog of unprocessed cybersecurity … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/01/nist-nvd-management-problems/
-
7 tips for accelerating cyber incident recovery
Tags: attack, awareness, backup, breach, business, ceo, cio, ciso, cloud, communications, control, cyber, cybersecurity, data, defense, finance, framework, governance, incident, incident response, infection, insurance, international, lessons-learned, malicious, malware, monitoring, nist, risk, service, technology, threat, update
Emphasize scoping and containment from the outset: Because you can’t recover from what you can’t stop, scoping and containment should be the absolute first priority during incident recovery, says Amit Basu, CIO and CISO at freight shipping firm International Seaway. “Before anything else, you must stop the bleeding,” he says. This means understanding the true scope…
-
10 important cloud tools for enterprise security and audit readiness
Cloud compliance in 2026 is far more than preparing for audits: in hybrid and multi-cloud environments it becomes the central measure of operational resilience, risk transparency and regulatory security. Companies are under growing pressure to demonstrate compliance with requirements from frameworks such as NIST, ISO 27001, SOC 2, PCI DSS, HIPAA, GDPR, NIS2 and DORA continuously, and in real time […]…
-
NIST will test three major tech firms’ frontier AI models for cybersecurity risks
After Anthropic’s announcement of Claude Mythos, agencies across the government are racing to get ahead of new AI models’ potential dangers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/nist-ai-model-testing-caisi-google-microsoft/819452/
-
AI finds 20-year-old bugs in PostgreSQL and MariaDB
Tags: ai, breach, credentials, cve, exploit, flaw, github, injection, nist, rce, remote-code-execution, sql, vulnerability
Inadequate JSON parsing allowed RCE on the MariaDB server: In MariaDB, a buffer overflow bug, tracked as CVE-2026-32710, was found in the JSON_SCHEMA_VALID() function using Xint Code. The vulnerability allows an authenticated user to trigger a crash, which, under controlled conditions, could be escalated into remote code execution. Compared to the PostgreSQL flaws, exploitation here is…
-
Cyber resilience: Minimizing downtime after a security breach
Downtime is the decisive cost driver: it is not only the attack itself but the duration of recovery that determines the total cost. Prevention is no longer enough: companies must invest equally in detection, response and recovery. NIST CSF 2.0 offers a clear resilience framework: Govern, Identify, Protect, Detect, Respond, Recover structure risks and priorities. Detect, Respond and Recover… First seen on…
-
Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI
Tags: access, ai, api, attack, automation, business, ciso, compliance, control, cve, cybersecurity, data, exploit, framework, group, identity, Internet, login, nist, okta, service, supply-chain, threat, update, vulnerability, vulnerability-management
Detecting a vulnerability is easy. Finding the person responsible for fixing it is where remediation programs often break down. See how Tenable Hexa AI uses MCP to connect your exposure data to your identity provider, automating the hunt for asset owners in seconds. Key takeaways: The accountability gap is the real bottleneck. Finding a vulnerability…
-
NIST Cybersecurity Framework for UK SMEs: A Practical Guide to Identify, Protect, Detect, Respond, and Recover
The NIST Cybersecurity Framework is a useful way to organise cybersecurity work around business risk. For UK SMEs, that matters because most teams do not have the time or budget to do everything at once. A framework gives you…
-
From Shadow AI to Full Control: FireTail’s Q1 2026 Updates FireTail Blog
Apr 28, 2026 – Timo Rüppell – Most security teams have accepted a hard truth in recent months. AI has already arrived in your organization. It resides in your codebase, runs in your cloud infrastructure, and is likely open in a nearby browser tab right now. The question is no longer whether to let AI in.…
-
Changes to the NVD: NIST responds to flood of vulnerabilities
First seen on security-insider.de Jump to article: www.security-insider.de/nist-priorisiert-cves-nvd-risikobasiertes-modell-a-b62bfc43745006c9f34e3a70de0332f2/
-
Stopping AiTM attacks: The defenses that actually work after authentication succeeds
Tags: 2fa, access, attack, authentication, awareness, breach, communications, compliance, control, credentials, data, defense, detection, email, finance, framework, identity, incident response, login, mfa, microsoft, monitoring, nist, passkey, phishing, risk, service, threat, tool, training
The 3 controls that close the gap: Control #1: Bind sessions to managed devices. The most impactful single control for session security is requiring managed, compliant devices as a condition of accessing sensitive resources. When access policies, such as Microsoft Entra Conditional Access, require that the device presenting a session token is enrolled, managed and…
-
As the NVD scales back CVE enrichment, here’s what Tenable customers need to know
Tags: access, ai, cisa, cloud, cve, cvss, data, data-breach, exploit, infrastructure, intelligence, kev, metric, mitre, nist, nvd, ransomware, risk, software, strategy, technology, threat, vulnerability, vulnerability-management, zero-day
NIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, organizations need independent, high-fidelity intelligence to prioritize risks that the NVD may now overlook. Key takeaways: NIST is pivoting to a prioritized enrichment model, focusing only on specific criteria like…
-
AI Security Questionnaires: Why Most Startups Fail (And the Trust Stack That Fixes It)
It’s Monday. Your enterprise prospect just sent a 312-question security questionnaire. Forty of those questions are about AI, model bias, training data lineage, ISO 42001, NIST AI RMF. Your Series B closes in six weeks. You don’t have answers. You’re… The post…
-
NIST Scales Back Vulnerability Scoring in 2026 as CVE Volume Surges
NIST is scaling back NVD enrichment as CVE volumes surge, shifting more risk prioritization to organizations. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/nist-scales-back-vulnerability-scoring-in-2026-as-cve-volume-surges/
-
NIST Adopts Risk-Based NVD Model as CVE Submissions Jump 263% Since 2020
According to a recent announcement from the National Institute of Standards and Technology (NIST), the agency is fundamentally restructuring how it manages the National Vulnerability Database (NVD). Driven by a massive 263% increase in Common Vulnerabilities and Exposures (CVE) submissions between 2020 and 2025, NIST is shifting from a comprehensive analysis approach to a targeted,…
-
NIST to stop rating non-priority flaws due to volume increase
The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nist-to-stop-rating-non-priority-flaws-due-to-volume-increase/
-
Surging CVE disclosures force NIST to shake up workflows
NIST announces big changes to the way it categorises and manages CVEs, set to have a big impact on how organisations manage patching and remediation. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641916/Surging-CVE-disclosures-force-NIST-to-shake-up-workflows
-
How NIST’s Cutback of CVE Handling Impacts Cyber Teams
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST’s decision to cut back on CVE data enrichment. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/nist-cutbacks-nvd-handling-impacts-cyber-teams
-
NIST, Overrun by Massive Numbers of Submitted CVEs, Limits Analysis Work
NIST said it is overwhelmed by the surge in the number of CVE submissions in recent years, so it is paring back the analysis work it does on the dangerous security flaws. Security experts say the number of new vulnerabilities detected will only grow during the AI era and that the private sector will need to…
-
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/nist-revamps-cve-framework-to-focus-on-high-impact-vulnerabilities
-
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE submissions. “CVEs that do not meet those criteria will still be listed…
-
NIST limits vulnerability analysis as CVE backlog swells
The agency will stop adding detailed information to vulnerabilities that don’t meet certain criteria. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/nist-vulnerability-analysis-criteria-nvd-cve/817683/

