Tag: nist

NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD

Mar 24, 2025 6:13 PM

Tags: data, nist, nvd, vulnerability, vulnerability-management

The effects of the backlog is already being felt in vulnerability management circles where NVD data promises an enriched source of truth. The post NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/nist-still-struggling-to-clear-vulnerability-submissions-backlog-in-nvd/
CISOs are taking on ever more responsibilities and functional roles has it gone too far?

Mar 24, 2025 8:13 AM

Tags: ai, business, cio, ciso, cloud, compliance, computing, control, corporate, cyber, cybersecurity, data, defense, framework, fraud, governance, healthcare, infosec, intelligence, international, Internet, jobs, law, mitigation, nist, privacy, regulation, resilience, risk, risk-management, service, skills, software, supply-chain, technology, threat

th century alongside technology and internet-enabled threats, morphing to meet the demands of the moment. But the position hasn’t just matured; in many cases it has expanded, taking on additional domains.”The CISO role has expanded significantly over the years as companies realize that information security has a unique picture of what is going on across…
UK cyber agency suggests 2035 deadline to move to quantum-safe encryption, warns of threats

Mar 20, 2025 1:13 PM

Tags: banking, cloud, computing, cyber, cybersecurity, encryption, finance, infrastructure, nist, risk, service, threat, vulnerability

Challenges for enterprises: The NCSC’s roadmap underscores the urgency of transitioning to PQC, but businesses may face significant challenges in meeting the proposed timelines.The migration process could be complex, costly, and disruptive, requiring organizations to overhaul encryption protocols embedded in critical infrastructure, financial systems, and cloud services.Kawoosa pointed out that while enterprises typically have basic…
NIST Announces HQC as Fifth Standardized Post Quantum Algorithm

Mar 17, 2025 6:52 PM

Tags: backup, nist

First choices for both KEMs and DSAs are already standardized, and organizations should not wait for the backups to be available before migrating to PQC. The post NIST Announces HQC as Fifth Standardized Post Quantum Algorithm appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/nist-announces-hqc-as-fifth-standardized-post-quantum-algorithm/
Week in review: NIST selects HQC for post-quantum encryption, 10 classic cybersecurity books

Mar 16, 2025 10:52 AM

Tags: backup, cybersecurity, encryption, nist, WeeklyReview

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: NIST selects HQC as backup algorithm for post-quantum encryption Last year, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/16/week-in-review-nist-selects-hqc-for-post-quantum-encryption-10-classic-cybersecurity-books/
NIST SP 800-171 Rev 2 vs Rev 3: What’s The Difference?

Mar 14, 2025 9:52 PM

Tags: cybersecurity, framework, government, nist, technology

Government cybersecurity and information security frameworks are a constant work in progress. Many different frameworks draw their requirements from the National Institute of Standards and Technology, and one of the most important documents for cybersecurity is NIST Special Publication 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. One of the key pillars of……
Beyond Checkboxes: The Essential Need for Robust API Compliance

Mar 14, 2025 6:52 PM

Tags: access, api, attack, authentication, automation, banking, breach, business, cloud, compliance, control, credentials, cyber, cybersecurity, data, detection, encryption, exploit, finance, framework, fraud, GDPR, governance, government, HIPAA, infrastructure, injection, insurance, least-privilege, malicious, mfa, mitre, monitoring, nist, PCI, privacy, regulation, risk, service, tactics, technology, theft, threat, tool, unauthorized, vulnerability, zero-trust

APIs serve as essential links in today’s digital infrastructure, enabling data sharing and application integration. However, their widespread use has made them prime targets for attackers. Hence, strict compliance with security regulations is not just optional; it is imperative for business success. The increasing frequency of data breaches and the sophistication of cyber threats highlight…
Generative AI red teaming: Tips and techniques for putting LLMs to the test

Mar 13, 2025 7:52 AM

Tags: ai, attack, best-practice, business, data, defense, detection, exploit, framework, group, guide, infrastructure, injection, LLM, mitigation, mitre, ml, nist, privacy, RedTeam, risk, skills, strategy, technology, threat, tool, vulnerability

Defining objectives and scopeAssembling a teamThreat modelingAddressing the entire application stackDebriefing, post-engagement analysis, and continuous improvementGenerative AI red teaming complements traditional red teaming by focusing on the nuanced and complex aspects of AI-driven systems including accounting for new testing dimensions such as AI-specific threat modeling, model reconnaissance, prompt injection, guardrail bypass, and more. AI red-teaming…
NIST Finalizes Differential Privacy Rules to Protect Data

Mar 12, 2025 11:56 PM

Tags: data, nist, privacy, technology

The National Institute of Standards and Technology (NIST) released updated differential privacy guidelines for organizations to follow to protect personally identifiable information when sharing data. First seen on darkreading.com Jump to article: www.darkreading.com/data-privacy/nist-finalizes-differential-privacy-rules-to-protect-data
NIST selects HQC as backup algorithm for post-quantum encryption

Mar 12, 2025 4:52 PM

Tags: backup, cyberattack, data, encryption, nist

Last year, NIST standardized a set of encryption algorithms that can keep data secure from a cyberattack by a future quantum computer. Now, NIST has selected a backup … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/12/nist-hqc-post-quantum-encryption-algorithm/
NIST Releases New Report on Crypto-Agility What You Need to Know Now

Mar 12, 2025 4:52 PM

Tags: crypto, cryptography, cybersecurity, nist, strategy, technology

If you’re keeping up with post-quantum cryptography (PQC), here’s some big news: The U.S. National Institute of Standards and Technology (NIST) has released a fresh initial public draft of a Cybersecurity Whitepaper titled Considerations for Achieving Crypto-Agility. This whitepaper tackles the real-world challenges and trade-offs involved in cryptographic transitions and discusses key strategies for achieving……
What is risk management? Quantifying and mitigating uncertainty

Mar 7, 2025 7:53 AM

Tags: breach, business, cio, ciso, compliance, control, cyber, cyberattack, data, finance, flaw, framework, governance, healthcare, infosec, infrastructure, insurance, international, jobs, mitigation, monitoring, nist, risk, risk-analysis, risk-assessment, risk-management, software, strategy, technology, tool, vulnerability

How do organizations structure risk management operations?: Risk management has in some organizations traditionally been multicentric, with different departments or individuals within the org implementing risk management techniques in their work: Risk management is a component of good project management, for instance. IT leaders in particular must be able to integrate risk management philosophies and…
House passes bill requiring federal contractors to have vulnerability disclosure policies

Mar 4, 2025 5:34 PM

Tags: data, nist, vulnerability

The legislation to make contractors implement VDPs aligned with NIST guidelines is aimed at protecting Americans’ data, co-sponsor Rep. Nancy Mace says. First seen on cyberscoop.com Jump to article: cyberscoop.com/house-passes-federal-contractors-vdp-bill/
Is your enterprise ‘cyber resilient’? Probably not. Here’s how other boards fixed that

Feb 28, 2025 6:34 PM

Tags: backup, breach, business, ciso, cloud, compliance, control, cyber, cyberattack, cybersecurity, endpoint, finance, framework, governance, incident, metric, monitoring, nist, resilience, risk, service, strategy, supply-chain, tool, training, vulnerability, vulnerability-management

Lockheed Martin: Lockheed Martin introduced its Cyber Resiliency Level (CRL) Framework and corresponding Scoreboard in 2018, illustrating a more formalized approach to measuring cyber resilience during this period. The company’s Cyber Resiliency Scoreboard includes tools like a questionnaire and dashboard for measuring the maturity levels of six categories, including Cyber Hygiene and Architecture.MIT: The Balanced Scorecard for Cyber Resilience (BSCR) provides…
What is zero trust? The security model for a distributed and risky era

Feb 28, 2025 11:34 AM

Tags: access, ai, authentication, best-practice, breach, business, ceo, cloud, compliance, computer, computing, control, corporate, credentials, cyberattack, data, detection, framework, government, guide, identity, infrastructure, intelligence, jobs, login, monitoring, network, nist, office, password, ransomware, regulation, risk, saas, service, technology, threat, tool, vpn, zero-trust

How zero trust works: To visualize how zero trust works, consider a simple case: a user accessing a shared web application. Under traditional security rules, if a user was on a corporate network, either because they were in the office or connected via a VPN, they could simply click the application and access it; because…
Google Integrates Quantum-Safe Digital Signatures

Feb 21, 2025 11:23 PM

Tags: cloud, computing, google, microsoft, nist

Computing Giant Warns Against Future Decryption of Secure Communications. Google adopted quantum-safe digital signatures for its cloud environment designed to help users combat the next phase of adversarial attacks. The announcement from the company comes days after Microsoft unveiled its latest quantum chip. NIST formalized the algorithms in August 2024. First seen on govinfosecurity.com Jump…
Understanding OWASP’s Top 10 list of non-human identity critical risks

Feb 20, 2025 7:46 AM

Tags: access, api, attack, authentication, awareness, best-practice, blizzard, breach, cloud, compliance, computing, control, credentials, cybersecurity, data, data-breach, detection, encryption, exploit, framework, gartner, guide, iam, identity, infrastructure, Internet, kubernetes, least-privilege, malicious, marketplace, mfa, microsoft, mitigation, monitoring, network, nist, okta, password, programming, radius, risk, saas, security-incident, service, software, technology, threat, tool, unauthorized, vulnerability, zero-trust

OWASPThis scenario also occurs with NHIs, and as mentioned above, at a scale that significantly exceeds that of their human counterparts. In this case, the credentials are often tied to applications, services, automated workflows, and systems that are given NHI credentials to facilitate activities but then never cleaned up as the associated applications, services, and…
What is anomaly detection? Behavior-based analysis for cyber threats

Feb 14, 2025 7:48 AM

Tags: ai, attack, awareness, business, ceo, ciso, computer, control, credentials, cyber, cybersecurity, data, detection, edr, endpoint, firewall, framework, fraud, ibm, infrastructure, injection, jobs, malware, network, nist, ransomware, siem, soc, sql, strategy, threat, tool, waf

a priori the bad thing that you’re looking for,” Bruce Potter, CEO and founder of Turngate, tells CSO. “It’ll just show up because it doesn’t look like anything else or doesn’t look like it’s supposed to. People have been tilting at that windmill for a long time, since the 1980s, trying to figure out what…
FedRAMP ConMon vs Audits: What’s the Difference?

Feb 8, 2025 1:06 AM

Tags: control, fedramp, nist, privacy, risk, technology

A lot goes into protecting the information security of the nation. The National Institute of Standards and Technology, NIST, maintains a list of security controls under the banner of NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations. Meanwhile, the Federal Risk and Authorization Management Program, or FedRAMP, sets up a framework……
NIST Compliance Checklist: A Guide

Feb 7, 2025 6:06 AM

Tags: compliance, cybersecurity, data, framework, guide, nist, risk, technology
MSSP Market Update: Judy Security, Strike Graph Partner for NIST Compliance

Feb 6, 2025 10:06 PM

Tags: compliance, mssp, nist, update

First seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-judy-security-strike-graph-partner-for-nist-compliance
It pays to know how your cybersecurity stacks up

Feb 4, 2025 10:12 PM

Tags: advisory, attack, breach, business, ceo, ciso, cloud, cybersecurity, data, endpoint, framework, gartner, group, intelligence, international, jobs, metric, network, nist, risk, startup, technology, tool, update

Like all other business leaders, chief information security officers (CISOs) could find themselves on the unemployment line if something on their watch goes seriously sideways.But what if CISOs simply aren’t demonstrating enough business value?With companies cutting costs, proving cybersecurity programs are good for the business has become vital to protecting budgets and jobs. That’s why…
What 2025 HIPAA Changes Mean to You

Feb 4, 2025 10:12 AM

Tags: access, application-security, authentication, breach, business, cloud, compliance, control, cybersecurity, data, encryption, healthcare, HIPAA, identity, incident response, insurance, law, mfa, monitoring, nist, office, penetration-testing, privacy, risk, risk-analysis, service, strategy, threat, tool, vulnerability

What 2025 HIPAA Changes Mean to You madhav Tue, 02/04/2025 – 04:49 Thales comprehensive Data Security Platform helps you be compliant with 2025 HIPAA changes. You are going about your normal day, following routine process at your healthcare organization, following the same business process you’ve followed for the last twelve years. You expect Personal Health…
Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks

Feb 3, 2025 12:12 PM

Tags: attack, awareness, framework, nist, phishing, training

The NIST Phish Scale framework offers a structured and effective approach to improving phishing awareness training in organizations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/using-the-nist-phish-scale-framework-to-detect-and-fight-phishing-attacks/
How Long Does It Take Hackers to Crack Modern Hashing Algorithms?

Jan 28, 2025 12:36 PM

Tags: access, defense, hacker, nist, password, unauthorized

While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them First…
US takes aim at healthcare cybersecurity with proposed HIPAA changes

Jan 28, 2025 10:03 AM

Tags: access, authentication, best-practice, breach, compliance, control, csf, cyber, cyberattack, cybersecurity, data, defense, detection, dora, encryption, finance, framework, government, group, healthcare, HIPAA, incident response, infrastructure, insurance, intelligence, jobs, law, malware, mfa, network, nist, penetration-testing, phishing, privacy, ransom, ransomware, regulation, resilience, risk, security-incident, service, skills, technology, threat, tool, update, usa, vulnerability, vulnerability-management

The US Department of Health and Human Services (HHS) has launched a consultation on stricter rules for the safeguarding of electronic health records.The proposed revamp of security rules covered by the Health Insurance Portability and Accountability Act (HIPAA) is designed to address the increased risk from cyberattacks such as ransomware against healthcare environments.The revamped rules…
HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

Jan 23, 2025 11:22 AM

Tags: access, authentication, breach, business, cloud, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, encryption, endpoint, hacker, healthcare, HIPAA, insurance, mfa, network, nist, office, privacy, regulation, risk, risk-assessment, service, software, strategy, threat, unauthorized, update, vulnerability

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA madhav Thu, 01/23/2025 – 06:25 Data Breaches in Healthcare: Why Stronger Regulations Matter A data breach involving personal health information isn’t just about stolen files”, it’s a gut punch to trust and a serious shake-up to people’s lives. Think about…
25 on 2025: APAC security thought leaders share their predictions and aspirations

Jan 22, 2025 8:22 PM

Tags: access, advisory, ai, api, attack, authentication, awareness, best-practice, breach, business, ciso, cloud, compliance, control, cryptography, csf, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, data-breach, deep-fake, detection, disinformation, encryption, endpoint, exploit, extortion, finance, framework, fraud, government, group, hacking, Hardware, identity, incident, incident response, infrastructure, injection, intelligence, international, iot, malicious, malware, microsoft, monitoring, network, nist, phishing, privacy, ransomware, regulation, resilience, risk, risk-management, scam, service, skills, social-engineering, software, spear-phishing, strategy, supply-chain, tactics, technology, threat, tool, training, update, vulnerability, warfare, zero-trust

As threat actors and security teams harness the growing potential of artificial intelligence (AI), who will prevail? From generative AI (GenAI) to agentic AI, we look through the lens of 25 of Asia-Pacific’s thought leaders in security and dive into their predictions and goals for the year. src=”https://b2b-contenthub.com/wp-content/uploads/2025/01/Athikom.jpg?quality=50&strip=all” alt=”athikom” loading=”lazy” width=”400px”>Athikom Kanchanavibhu Chief Information Security…
5 Things Government Agencies Need to Know About Zero Trust

Jan 15, 2025 6:02 PM

Tags: access, application-security, attack, best-practice, business, cloud, control, cyber, cybersecurity, data, gartner, government, identity, incident response, infrastructure, Internet, jobs, monitoring, network, nist, risk, skills, strategy, technology, update, vulnerability, vulnerability-management, zero-trust

Zero trust as a concept is simple to grasp. Implementing a zero trust architecture, on the other hand, is complex because it involves addressing a unique mix of process, procedure, technology and user education. Here are some considerations to keep in mind as you begin your journey. Draft guidance on implementing a zero trust architecture,…
Securing the Quantum Era: What NIST’s New Encryption Standards Mean for Cybersecurity

Jan 7, 2025 10:18 PM

Tags: cybersecurity, encryption, nist

First seen on scworld.com Jump to article: www.scworld.com/perspective/securing-the-quantum-era-what-nists-new-encryption-standards-mean-for-cybersecurity