The White House is preparing executive branch agencies to adopt "zero trust" network architectures by 2024, with CISA and the OMB overseeing the creation of technology road maps that departments must follow. This is a major component of President Biden's cybersecurity executive order.
The Biden administration unveiled a package of supply chain and critical infrastructure security initiatives following a meeting at the White House with tech executives and others. Companies such as Google and Microsoft also promised billions in spending on cybersecurity over the next several years.
What are the latest cybersecurity issues? Join four Information Security Media Group editors as they describe the top issues of the week, including the risk of cyberattacks provoking a kinetic response, as well as top healthcare CISOs' tips for handling supply chain security, resiliency and ransomware.
NIST is updating "cyber resiliency" guidance to focus on mitigating modern cyberthreats to IT networks, especially ransomware and nation-state attacks. A draft encourages security defenders to move away from a perimeter-based defense to building resilient IT systems.
Citing a need to secure artificial intelligence technologies, NIST is working to create risk management guidance around the use of AI and machine learning, the agency has announced. NIST is seeking feedback to address governance challenges.
NIST has selected 18 technology companies to demonstrate "zero trust" security architectures as it prepares to draft guidance for use of the model by federal agencies, which the private sector can also follow.
New guidance from the National Institute of Standards and Technology spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code. The best practices could be a model for the private sector as well.
Two states have recently taken steps to bolster cybersecurity and data privacy protections. Connecticut has enacted a law designed to give certain legal protections to businesses that adhere to cybersecurity frameworks. And a new data privacy law in Colorado allows individuals to opt out of data collection.
NIST has published its definition of "critical software" for the U.S. federal government as the standards agency begins fulfilling requirements laid out in President Biden's executive order on cybersecurity. The software part of the executive order looks to reduce the threat of supply chain attacks.
No one needs more stats about the skills gap in cybersecurity; many organizations are obviously facing challenges in recruiting, skilling, and retaining security professionals. We haven’t written this cheat sheet to tell you what you already know. Instead, we will outline a realistic strategy for workforce-wide...
The U.S. federal government is increasingly using IoT devices across its agencies, which has raised concerns about security. NIST has published draft guidance to help federal agencies navigate safe IoT deployment and use, says Kat Megas, program manager in NIST's Cybersecurity for IoT Program.
In the wake of the SolarWinds breach, NIST's Ron Ross has turned his attention to systems security engineering - and the reality that the adversaries are exploiting it to their advantage better than the defenders are. This disparity, Ross says, has to change.
President Donald Trump on Friday signed into law the Internet of Things Cybersecurity Improvement Act of 2020, the first U.S. federal law addressing IoT security. The act requires federal agencies to only procure devices that meet minimum cybersecurity standards.
The U.S. National Institute of Standards and Technology this week released a long-awaited guidance update, Special Publication 800-53 Revision 5, describing "next-generation security and privacy controls" and how to use them.