Small US Cyber Agencies Are Underfunded & That’s a Problem

November 20, 2024 at 10:12AM The commentary emphasizes the underfunding of essential U.S. cybersecurity agencies, particularly NIST and its National Vulnerability Database (NVD). It argues that inadequate resources jeopardize the nation’s cybersecurity efforts and urges Congress to provide appropriate funding to safeguard critical infrastructure and maintain the U.S.’s status as a cyber superpower. …

NIST Explains Why It Failed to Clear CVE Backlog

November 14, 2024 at 06:10AM NIST reported that every known-exploited CVE in the NVD backlog has now been analyzed, but acknowledged that its goal of clearing the entire backlog by October was overly optimistic. …

Penn State pays DoJ $1.25M to settle cybersecurity compliance case

October 23, 2024 at 07:33PM Pennsylvania State University will pay $1.25 million to settle Justice Department claims that it misrepresented its cybersecurity compliance. The allegations stem from a whistleblower lawsuit asserting that Penn State failed to implement the NIST security controls required for sensitive data under its contracts with the Pentagon and NASA. The settlement includes no admission of liability. …

Congress Advances Bill to Add AI to National Vulnerability Database

September 26, 2024 at 02:37PM A House committee advanced the bipartisan AI Incident Reporting and Security Enhancement Act, which would direct NIST to formalize the reporting of AI security vulnerabilities and to incorporate AI systems into the NVD; the bill now goes to the full chamber. Concerns remain over funding and over clarifying certain terms in the …

NIST Cybersecurity Framework (CSF) and CTEM – Better Together

September 5, 2024 at 06:03AM The NIST Cybersecurity Framework (CSF), first released in 2014, provides a voluntary framework for managing cyber risk by organizing and prioritizing security measures into core functions (originally five: Identify, Protect, Detect, Respond, Recover). The latest version, CSF 2.0, adds a sixth function, Govern, and emphasizes continuous improvement, broader enterprise risk management, and proactive cybersecurity. The CSF and a Continuous Threat Exposure Management (CTEM) program …

NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams

August 23, 2024 at 03:37PM The prospect of a cryptographically relevant quantum computer means a race against the roughly 10-year timeline NIST has set for retiring vulnerable public-key cryptography. The transition to post-quantum cryptography requires careful planning: a cryptographic asset inventory, remediation, and collaboration with vendors and partners. The urgency of this shift cannot be overstated, as …

NIST releases first encryption tools to resist quantum computing

August 14, 2024 at 03:38PM The U.S. National Institute of Standards and Technology (NIST) has released its first three post-quantum cryptography standards, one for key establishment and two for digital signatures, designed to withstand attacks from quantum computers. …

NIST Finalizes Post-Quantum Encryption Standards

August 13, 2024 at 04:49PM The National Institute of Standards and Technology (NIST) published three new standards from its post-quantum cryptography (PQC) standardization project to enhance global cybersecurity. FIPS 203 specifies ML-KEM, a key-encapsulation mechanism derived from CRYSTALS-Kyber, for general encryption (key establishment); FIPS 204 and FIPS 205 specify the digital-signature schemes ML-DSA (derived from CRYSTALS-Dilithium) and SLH-DSA (derived from SPHINCS+), respectively. NIST …

Post-Quantum Cryptography Standards Officially Announced by NIST – a History and Explanation

August 13, 2024 at 08:06AM NIST has formally published three post-quantum cryptography standards, the outcome of a multi-year competition to select public-key algorithms that resist attacks by quantum computers. The standards are ML-KEM, ML-DSA, and SLH-DSA, with a fourth, FN-DSA (based on Falcon), selected for future standardization. IBM played a significant role in their development and is actively involved in quantum-safe …
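The transition work described above (asset inventory, then remediation against NIST's timeline) and the algorithm-to-standard mapping in the FIPS 203/204/205 items both come down to one practical question: which of our keys and protocols does a quantum computer break, what replaces each, and which ones must move first? The script below is an added example, not code from any of these articles or from NIST. It classifies a cryptographic inventory as post-quantum, Grover-weakened (symmetric, key too short) or Shor-broken (public-key), names the replacement standard by role, and ranks urgency with Mosca's inequality: an asset is at risk when the data's shelf life plus the migration time exceeds the years until a cryptographically relevant quantum computer (CRQC). The asset records, the role labels and the 10-year horizon are constructed assumptions for illustration.

```python
"""Quantum-readiness triage of a cryptographic inventory.

Added example, not code from the article or from NIST. Classifies each
inventoried key or protocol, names the FIPS 203/204/205 replacement, and
ranks migration urgency with Mosca's inequality:

    at risk  <=>  shelf_life_years + migration_years > crqc_horizon_years

The asset records and the 10-year horizon are constructed for illustration.
"""
from dataclasses import dataclass

# Already-standardised post-quantum algorithms (FIPS 203, 204, 205).
PQC_STANDARDS = {"ML-KEM", "ML-DSA", "SLH-DSA"}
# Public-key algorithms broken outright by Shor's algorithm.
SHOR_BROKEN = {"RSA", "DSA", "DH", "ECDSA", "ECDH", "X25519", "Ed25519"}
# Symmetric ciphers: Grover only halves the effective key length, so 256-bit keys suffice.
SYMMETRIC = {"AES", "ChaCha20"}
# Replacement by cryptographic role (role labels are this example's own convention).
REPLACEMENT = {
    "kex": "ML-KEM (FIPS 203)",
    "enc": "ML-KEM (FIPS 203) wrapping a 256-bit symmetric key",
    "sig": "ML-DSA (FIPS 204) or SLH-DSA (FIPS 205)",
}
URGENCY_RANK = {"urgent": 0, "planned": 1, "review": 2, "none": 3}
CRQC_HORIZON_YEARS = 10  # assumption: the article's 10-year timeline


@dataclass
class Asset:
    name: str
    role: str               # "kex" (key exchange), "enc" (public-key encryption), "sig" (signature)
    algorithm: str
    key_bits: int
    shelf_life_years: int   # how long the protected data, or the signature, must stay trustworthy
    migration_years: int    # estimated time to replace this asset


def assess(asset: Asset, horizon: int = CRQC_HORIZON_YEARS) -> dict:
    """Return status, recommended action and urgency for one asset."""
    result = {"asset": asset.name, "status": "unknown",
              "action": "review manually", "urgency": "review"}
    if asset.algorithm in PQC_STANDARDS:
        result.update(status="post-quantum", action="none", urgency="none")
    elif asset.algorithm in SYMMETRIC:
        if asset.key_bits < 256:
            result.update(status="grover-weakened", action="move to a 256-bit key", urgency="planned")
        else:
            result.update(status="adequate", action="none", urgency="none")
    elif asset.algorithm in SHOR_BROKEN:
        # Confidentiality: harvest-now-decrypt-later means traffic captured today stays
        # exposed for its whole shelf life. Signatures: the same sum applies when old
        # signatures (firmware, documents) must still be trusted after a CRQC exists.
        exposure = asset.shelf_life_years + asset.migration_years
        result.update(
            status="shor-broken",
            action="migrate to " + REPLACEMENT.get(asset.role, "a FIPS 203/204/205 algorithm"),
            urgency="urgent" if exposure > horizon else "planned",
        )
    return result


def triage(assets, horizon: int = CRQC_HORIZON_YEARS) -> list:
    """Assess every asset and order the list most-urgent first, then by name."""
    rows = [assess(a, horizon) for a in assets]
    return sorted(rows, key=lambda r: (URGENCY_RANK[r["urgency"]], r["asset"]))


# Constructed sample inventory (hypothetical systems, not real infrastructure).
SAMPLE_ASSETS = [
    Asset("vpn-gateway", "kex", "X25519", 256, shelf_life_years=7, migration_years=4),
    Asset("code-signing", "sig", "ECDSA", 256, shelf_life_years=2, migration_years=5),
    Asset("backup-archive", "enc", "AES", 128, shelf_life_years=15, migration_years=1),
    Asset("internal-mtls", "kex", "ML-KEM", 768, shelf_life_years=5, migration_years=0),
    Asset("legacy-hsm", "sig", "RSA", 2048, shelf_life_years=10, migration_years=3),
    Asset("vendor-appliance", "kex", "proprietary", 0, shelf_life_years=3, migration_years=2),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_ASSETS):
        print(f'{row["urgency"]:8} {row["asset"]:16} {row["status"]:16} {row["action"]}')
```

The shelf-life and migration estimates are the inputs that matter: in the constructed sample the VPN gateway is urgent not because X25519 is weaker than RSA-2048 (both fall to Shor) but because seven years of recorded traffic plus a four-year rollout overruns the horizon, while the code-signing key, with short-lived signatures, can be scheduled. Unknown algorithms are deliberately routed to manual review rather than silently marked safe.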

NVD Backlog Continues to Grow

July 30, 2024 at 08:06AM The National Vulnerability Database (NVD), operated by NIST, faces a mounting backlog projected to reach almost 30,000 unanalyzed vulnerabilities by year-end. With resource constraints hindering timely analysis, the NVD’s ability to support defenders in prioritizing and responding to security flaws is degraded. Partnerships and additional resources aim to reduce the backlog before the fiscal …
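What the backlog means in practice, for both this item and the November item on exploited CVEs, is that a CVE record can sit in "Awaiting Analysis" with no NIST CVSS score or CPE data for months, and a triage pipeline that keys solely on NVD enrichment silently treats such entries as low priority. The script below is an added example, not code from the article, from NIST or from CISA. It reads records in the shape of the NVD 2.0 CVE API response (the `vulnStatus`, `metrics`, `cvssMetricV31`, `type` and `source` fields as documented for that API), separates enriched from unenriched entries, and ranks them using the CISA Known Exploited Vulnerabilities (KEV) catalog and any CNA-supplied "Secondary" CVSS score instead of waiting for NIST's "Primary" score. The response body, the KEV set and the CVE identifiers are constructed placeholders.

```python
"""Prioritising CVEs that the NVD has not yet enriched.

Added example, not code from the article, NIST or CISA. Reads records in the
shape of the NVD 2.0 CVE API response, separates analysed entries from those
still awaiting analysis, and ranks them with the CISA KEV catalog and any
CNA-supplied CVSS score rather than waiting for NIST's own score.
The response below, the KEV set and the CVE IDs are constructed placeholders.
"""
import json

# Statuses in which NIST has not yet attached its own CVSS/CPE enrichment.
UNENRICHED = {"Received", "Awaiting Analysis", "Undergoing Analysis"}
PRIORITY_RANK = {"P1": 0, "P2": 1, "P3": 2}

# Constructed sample in NVD 2.0 API shape; IDs of the form CVE-0000-* are placeholders.
NVD_RESPONSE = json.dumps({"vulnerabilities": [
    {"cve": {"id": "CVE-0000-0001", "vulnStatus": "Analyzed",
             "metrics": {"cvssMetricV31": [{"source": "nvd@nist.gov", "type": "Primary",
                                            "cvssData": {"baseScore": 7.5}}]}}},
    {"cve": {"id": "CVE-0000-0002", "vulnStatus": "Awaiting Analysis", "metrics": {}}},
    {"cve": {"id": "CVE-0000-0003", "vulnStatus": "Awaiting Analysis",
             "metrics": {"cvssMetricV31": [{"source": "cna@example.invalid", "type": "Secondary",
                                            "cvssData": {"baseScore": 9.8}}]}}},
    {"cve": {"id": "CVE-0000-0004", "vulnStatus": "Awaiting Analysis", "metrics": {}}},
    {"cve": {"id": "CVE-0000-0005", "vulnStatus": "Analyzed",
             "metrics": {"cvssMetricV31": [{"source": "nvd@nist.gov", "type": "Primary",
                                            "cvssData": {"baseScore": 4.3}}]}}},
]})
# Constructed stand-in for the set of IDs in the CISA KEV catalog.
KEV_IDS = {"CVE-0000-0002"}


def best_score(cve: dict):
    """Return (baseScore, source): NIST's Primary score if present, else a CNA Secondary score,
    else (None, None). Newer CVSS versions are preferred within each tier."""
    metrics = cve.get("metrics", {})
    for wanted in ("Primary", "Secondary"):
        for key in ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30"):
            for m in metrics.get(key, []):
                if m.get("type") == wanted:
                    return m["cvssData"]["baseScore"], m.get("source", "unknown")
    return None, None


def prioritize(nvd_json: str, kev_ids: set) -> list:
    """Assign P1/P2/P3 to each record; KEV membership trumps every score."""
    rows = []
    for item in json.loads(nvd_json)["vulnerabilities"]:
        cve = item["cve"]
        score, source = best_score(cve)
        exploited = cve["id"] in kev_ids
        if exploited or (score is not None and score >= 9.0):
            priority = "P1"
            reason = "in KEV" if exploited else f"CVSS {score} from {source}"
        elif score is not None and score >= 7.0:
            priority, reason = "P2", f"CVSS {score} from {source}"
        elif score is None:
            # Nobody has scored it yet: unknown severity is not low severity.
            priority, reason = "P2", "unscored; needs manual severity assessment"
        else:
            priority, reason = "P3", f"CVSS {score} from {source}"
        rows.append({"id": cve["id"], "status": cve["vulnStatus"],
                     "enriched": cve["vulnStatus"] not in UNENRICHED,
                     "priority": priority, "reason": reason})
    return sorted(rows, key=lambda r: (PRIORITY_RANK[r["priority"]], r["id"]))


if __name__ == "__main__":
    for row in prioritize(NVD_RESPONSE, KEV_IDS):
        flag = "" if row["enriched"] else "  (no NIST enrichment)"
        print(f'{row["priority"]} {row["id"]} {row["status"]:18} {row["reason"]}{flag}')
```

Two design choices carry the point of the article: a KEV hit is P1 regardless of whether the NVD has scored the entry, and an entry with no score from anyone is held at P2 with a manual-review reason rather than defaulting to the bottom of the queue. When the NVD later analyzes the record, re-running the same function picks up the Primary score automatically.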