Tag: nist
-
NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stalled
Several software security experts have told Infosecurity that no new vulnerabilities have been added to the US National Vulnerability Database (NVD) s… First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nist-cve-stop-questioned/
-
What is a POAM
If you’re a defense contractor and need to comply with NIST 800-171, then you need to know about System Security Plans (SSPs) and Plans of Actions … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/what-is-a-poam/
-
Nur NIST P-521 betroffen: PuTTY-Lücke kompromittiert private SSH-Schlüssel
Tags: nistBereits seit sieben Jahren schlummert die Lücke im freien Terminalclient PuTTY. Angreifer müssen jedoch einige Hürden nehmen, um SSH-Schlüssel zu klau… First seen on heise.de Jump to article: www.heise.de/news/Nur-NIST-P-521-betroffen-PuTTY-Luecke-kompromittiert-private-SSH-Schluessel-9687539.html
-
NIST Cybersecurity Framework: A Cheat Sheet for Professionals (Free PDF)
The tech world has a problem: Security fragmentation. There’s no standard set of rules or even language for mitigating cyber risk used to address the … First seen on techrepublic.com Jump to article: www.techrepublic.com/resource-library/downloads/nist-cybersecurity-framework-a-cheat-sheet-for-professionals-free-pdf/
-
CISO Corner: Breaking Staff Burnout, GPT-4 Exploits, Rebalancing NIST
First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/ciso-corner-gpt-4-exploits-breaking-staff-burnout-rebalancing-nist
-
Sicherheitslücke in Putty: Rekonstruktion privater ECDSA-Schlüssel möglich
Angreifer können mit Putty verwendete Nist-P521-basierte Private Keys rekonstruieren. Auch andere Tools wie Filezilla, WinSCP und Tortoisegit sind anf… First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-in-putty-rekonstruktion-privater-ecdsa-schluessel-moeglich-2404-184208.html
-
Rebalancing NIST: Why ‘Recovery’ Can’t Stand Alone
Tags: nistFirst seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/rebalancing-nist-why-recovery-cant-stand-alone
-
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
The National Institute of Standards and Technology’s updated Cybersecurity Framework 2.0 can help healthcare organizations better formalize their gove… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/how-nist-csf-20-help-healthcare-sector-firms-i-5369
-
PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)
A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the >>heavi… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/04/16/cve-2024-31497/
-
Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation
An open letter signed by 50 cybersecurity practitioners requires the US Congress to support NIST in restoring operations at the National Vulnerability… First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/open-letter-nist-restore-nvd/
-
NIST CSF: A Fellowship for Your Cybersecurity Journey to 2.0
By Samuel Lewis, Senior Security Consultant The National Institute of Standards and Technology (NIST) released version 2.0 of the Cybersecurity Fram… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/nist-csf-a-fellowship-for-your-cybersecurity-journey-to-2-0/
-
NIST Wants Help Digging Out of Its NVD Backlog
First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/nist-needs-help-digging-out-of-its-vulnerability-backlog
-
NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0)
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/nist-artificial-intelligence-risk-management-framework-ai-rmf-1-0/
-
NIST Grants $3.6 Million to Boost US Cybersecurity Workforce
NIST announced $3.6 million in grants for 18 education and community organizations to build the future cybersecurity workforce. The post ounced $3.6 m… First seen on securityweek.com Jump to article: www.securityweek.com/nist-grants-3-6-million-to-boost-us-cybersecurity-workforce/
-
NIST is working on longer-term solutions
The recent conspicuous faltering of the National Vulnerability Database (NVD) is >>based on a variety of factors, including an increase in software an… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/04/03/nvd-nist-support-solutions/
-
Sicherheitslückendatenbank NVD: NIST sucht den Ausweg aus Analyserückstand
First seen on heise.de Jump to article: www.heise.de/news/Sicherheitslueckendatenbank-NVD-NIST-sucht-den-Ausweg-aus-Analyserueckstand-9673988.html
-
NIST’s backlog of vulnerability analysis blamed on lack of support
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/nists-backlog-of-vulnerability-analysis-blamed-on-lack-of-support
-
CVE and NVD A Weak and Fractured Source of Vulnerability Truth
MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of al… First seen on securityweek.com Jump to article: www.securityweek.com/cve-and-nvd-a-weak-and-fractured-source-of-vulnerability-truth/
-
NIST Proposes Public-Private Group to Help with NVD Backlog
An embattled National Institute of Standards and Technology (NIST), hobbled by budget cuts, is looking for more help from both inside and outside the … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/nist-proposes-public-private-group-to-help-with-nvd-backlog/
-
Continuous Monitoring and Frameworks: A Web of Security Vigilance
This blog delves into how continuous monitoring enhances the effectiveness of security frameworks, like ISO 27001, NIST CSF and SOC 2. The post g delv… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/continuous-monitoring-and-frameworks-a-web-of-security-vigilance/
-
NIST Unveils New Consortium to Operate National Vulnerability Database
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nist-unveils-new-nvd-consortium/
-
NIST’s Vuln Database Downshifts, Prompting Questions About Its Future
Tags: nistFirst seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/nist-vuln-database-downshifts-prompting-questions-about-its-future
-
NIST NVD Under Construction
In recent weeks, NIST’s National Vulnerability Database (NVD) has been experiencing a slowdown. Since February 15, 2024, a prominent notice has adorne… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/03/nist-nvd-under-construction/
-
Update Delays To NIST Vulnerability DB Alarms Researchers
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/35669/Update-Delays-To-NIST-Vulnerability-DB-Alarms-Researchers.html
-
NIST’s NVD has encountered a problem
Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is stru… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/03/19/nvd-vulnerability-management/
-
What is OSCAL and Why Does It Matter for NIST and FedRAMP?
What is OSCAL and Why Does It Matter for NIST and FedRAMP? Complying with federal cybersecurity guidelines is a difficult task. Unfortunately, many co… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/03/what-is-oscal-and-why-does-it-matter-for-nist-and-fedramp/
-
Understanding the Key Updates in NIST Cybersecurity Framework 2.0
When the guys at the National Institute of Standards and Technology (NIST) released the inaugural Cybersecurity Framework in February 2014, it did not… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/03/understanding-the-key-updates-in-nist-cybersecurity-framework-2-0/
-
How the New NIST 2.0 Guidelines Help Detect SaaS Threats
NIST just-released its Cybersecurity Framework (CSF) 2.0, which seems to have SaaS security in mind. Learn more from Adaptive Shield about how the NIS… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-the-new-nist-20-guidelines-help-detect-saas-threats/
-
NIST National Vulnerability Database Disruption Sees CVE Enrichment on Hold
Vulnerability data has stopped being added to the most widely used software vulnerability database for over a month, putting organizations at risk an… First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nist-vulnerability-database/
-
Read the Latest NIST Cybersecurity Framework Updates
This blog reviews NIST cybersecurity framework 2.0 updates, and the difference between the CSF and NIST’s data privacy framework. The post g reviews N… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/03/read-the-latest-nist-cybersecurity-framework-updates/