NIST CSF Getting a Major Revamp Soon
The US NIST is about to bring significant changes to its Cybersecurity Framework (CSF) – seen as the biggest review in the last five years. The initial version is published…
Bye Bye SHA-1 ! NIST set to retire it
NIST has set the date of Dec. 31, 2030, to remove SHA-1 support from all software and hardware devices. NIST deprecated SHA-1 in 2011 and disallowed using SHA-1 when creating…
Draft HIPAA Security Rule
The NIST has released an initial draft of HIPAA Security Rule: A Cybersecurity Resource Guide (an update on 2008 NIST Guide) for public comment. This Guide provides guidance on assessing and managing…
NIST Publication on Supply Chain Risk Management
The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for addressing software supply-chain risk, offering tailored sets of suggested security controls for various stakeholders. Software supply-chain…
NIST IoT Guidelines
The NIST issued draft recommendations for IoT labeling criteria in response to President Biden’s Executive Order (EO) on Improving the Nation’s Cybersecurity. These recommendations outline cybersecurity criteria for an IoT product labeling…
NIST Cyber Resiliency Now Includes Critical Infra Controls
NIST has published an update to its cyber resiliency engineering framework that advocates building resilient IT systems that can withstand a modern attack by limiting the damage an attacker can…
NIST Software Security Guidance
NIST spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code. The best practices could be a model for the private sector…
Posted incyber policy
NIST Drafts Ransomware Risk Management
NIST has released a draft Cybersecurity Framework Profile for Ransomware Risk Management to help organizations prevent, respond and recover from ransomware attacks. The Ransomware Profile is intended to be used…