The Cybersecurity Framework (CSF) was developed by the National Institute of Standards and Technology (NIST), a division of the U.S. Department of Commerce. This framework was created through collaboration between various private-sector and government experts to provide high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.
In September 2019, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) announced the release of a draft practice guide entitled, “NIST Special Publication (SP) 1800-23: Energy Sector Asset Management.” The NCCoE spent the next two months collecting comments from the public to improve their guide. They then used this feedback to improve upon their initial draft. But the wait is finally over.
Security configurations are security-specific settings used to secure heterogeneous endpoints such as servers, desktops, laptops, mobile devices, and tablets. As endpoints in your network diversify, securing each endpoint becomes a challenge. One way to ensure effective endpoint security is by automating it, which is where security configurations come into play. Security configurations are utilized to secure and control every facet of your network.
At the beginning of March 2020, Fifth Domain reported that Colorado-based aerospace, automotive and industrial parts manufacturer Visser Precision LLC had suffered a DoppelPaymer ransomware infection. Those behind this attack ultimately published information stolen from some of Visser’s customers. Those organizations included defense contractors Lockheed Martin, General Dynamics, Boeing and SpaceX.
The National Institute of Standards and Technology (NIST), a physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce, recently released their guidelines for password security. Some of them are contrary to what we’ve come to believe are good password policies. Our IT security expert will talk more about these guidelines in our upcoming webinar. Let’s take a look at what some of them are.
Together with the National Cybersecurity Center of Excellence (NCCoE), the National Institute of Standards and Technology (NIST) has released a series of practice guides that focuses on data integrity: the property that data has not been altered in an unauthorized manner. Tripwire is very proud to have contributed and collaborated with other technology vendors in the development of these practice guides.
The most recent National Institute of Standards and Technology (NIST) guidelines have been updated for passwords in section 800-63B. The document no longer recommends combinations of capital letters, lower case letters, numbers and special characters. Yet most companies and systems still mandate these complexity requirements for passwords. What gives?
NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST SP 800-171 or NIST 800-171), provides federal agencies with a set of guidelines designed to ensure that Controlled Unclassified Information (CUI) remains confidential and unchanged in nonfederal systems and organizations.
NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations (NIST SP 800-53 or NIST 800-53), establishes an information security standard for the federal government. Specifically, NIST 800-53 establishes security controls and privacy controls for federal information systems and organizations excluding those involved with national security.
