Tag:
NIST Special Publication
Latest Headlines
Latest Headlines
Agencies have cybersecurity control flexibility, reminds DHS
Security controls listed in National Institute of Standards and Technology Special Publication 800-53 are not absolutely mandatory, especially not to the point where they would interfere with business operations, the Homeland Security Department's National Cyber Security Division reminds federal agencies.
DOE proposes cybersecurity risk management process for electric energy industry
A proposed Energy Department cybersecurity risk management process guideline for the U.S. electric energy industry draws heavily from existing guidance published by the National Institute of
Responsibility for FedRAMP security controls will vary
The degree to which cloud service providers and federal agencies are each responsible for security controls under the FedRAMP program will depend according to the type of service offered and the
NIST instructs agencies on cyber-incident response
New cybersecurity guidance urges federal agencies to have formal incident response plans in place in preparation for the inevitable network or application intrusion. The guidance comes from a draft
SEC lacks in configuration management, says OIG
The Securities and Exchange Commission hasn't kept its cybersecurity documentation up to date, resulting in it not conducting baseline control configuration scans and not meeting other requirements
FedRAMP baseline controls released
Federal officials released Jan. 6 security controls that constitute the basis of governmentwide authorization and accreditation of cloud computing systems. The controls (.zip), part of a program
NIST embraces assertion-based remote e-authentication
An updated special publication from the National Institute of Standards and Technology on remote e-authentication includes more detail about identity assertions and permits protocols not included in
NIST details trusted root BIOS verification model
The National Institute of Standards and Technology outlines in a draft specification posted online Dec. 9 how a "roots of trust" cybersecurity model might operate at the level of computer BIOS. Roots
'Trusted roots' could hold key to info system security
WILLIAMSBURG, VA - Information systems security could be systematically improved through implementation of a "roots of trust" model that has at its bottom hardware or software built to security
NIST releases continuous monitoring guidance
Continuous security monitoring of information systems is most effective when done with automated systems, but it's impossible to entirely automate cybersecurity, says a new special publication...
