
Tag: National Institute of Standards and Technology (NIST)

Updated version includes changes to some existing guidelines - and adds some new ones.
Recent guidance from NIST may seem counterintuitive.
Federal agency addresses the new world of Alexa, smart cameras and IoT
A draft of new IT security measures by the US National Institute of Standards and Technology (NIST) has for the first time pulled privacy into its core text as well as expanded its scope to include the internet of things and smart home technology.…
A study from security awareness vendor KnowBe4 surveyed IT professionals' views on new NIST guidance that advocates the use of longer passwords.
I’m often asked about paired private and public clouds, aka hybrid clouds. What are they? How do you use them? Should you use them? I’m not talking about hybrid clouds that are defined as traditional systems paired with public clouds or as multicloud architectures composed of more than one public cloud, but hybrid clouds as defined by NIST in 2011.

The definition is important because I’m finding that people use the “hybrid cloud” term very sloppily still. The problem with hybrid clouds is that they are typically defined to be paired private and public clouds, which is the correct definition.

The problem with this architecture is that they have the concept of “private cloud” in the architecture, and that dog does not seem to hunt anymore.
In an effort to bring consistency when describing the tasks, duties, roles, and titles of cybersecurity professionals, the National Institute of Standards and Technology released the finalized draft version of its framework.
Oscillators give an uncertainty-principle-defeating measurement an advantage.
Glimpse into the agency’s archive of scientific objects and help identify unknown ones.
NIST should bring together industry to create a standard set of metrics and develop better ways to share information.
EO calls for immediate review of federal agencies' security postures, adoption of the NIST Framework, and a focus on critical infrastructure security.
President Trump signed the cybersecurity executive order that mandates federal agencies implement the NIST Framework for risk management.
The Tuesday updates for Internet Explorer and Microsoft Edge force those browsers to flag SSL/TLS certificates signed with the aging SHA-1 hashing function as insecure.

The move follows similar actions by Google Chrome and Mozilla Firefox earlier this year. Browser vendors and certificate authorities have been engaged in a coordinated effort to phase out the use of SHA-1 certificates on the web for the past few years, because the hashing function no longer provides sufficient security against spoofing. SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005.

The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made -- for example, for outdated payment terminals.