Using sound methodology when examining a mobile device as part of a digital forensic investigation will ensure accurate reporting, says the National Institute of Standards and Technology in its recently-published guidelines on mobile device forensics.
The program, part of a bill (H.R. 1421) introduced in the House in April, would award vouchers worth up to $20,000 to small manufacturers to pay for technical expertise from universities or federal research institutions. Researchers would help the companies with early-stage product development and the commercialization of new technologies.
The National Institute of Standards and Technology says cryptographers should not use for now a NIST random number generator algorithm whose trustworthiness has been called into question by leaks from former intelligence contractor Edward Snowden. NIST also says it will revise the special publication containing the algorithm, SP 800-90A (.pdf).
The NSA appears to have inserted a vulnerability into an encryption method adopted as a technical standard by NIST in 2006, says reporting based on more leaked documents from former intelligence contractor Edward Snowden. NIST said that it uses "a transparent, public process to rigorously vet our recommended standards. If vulnerabilities are found, we work with the cryptographic community to address them as quickly as possible."
Agencies increasingly use, or plan to use, the biometric data PIV cards to control access to agency networks, but the rise of mobile devices has put a crimp in that, since card readers may easily be integrated into desktops or laptops, but not smartphones or tablets.
NIST released the discussion draft (.pdf) Aug. 28 in anticipation of a fourth workshop on the framework set to be held in Dallas Sept. 11-13. A preliminary framework is due this October, with a finalized version due in February.
The Postal Service awarded Aug. 20 a $15 million contract to stand up a Federal Cloud Credential Exchange. The one-year pilot will create an authentication infrastructure that enables individuals to securely access online services at multiple federal agencies.
A new proposed cybersecurity control overlay from the National Institute of Standards and Technology for federal agency supply chain risk management would add a new family of controls that would at minimum require tracking systems or components as they wind their way through the supply chain.
The majority of teens, 70 percent, seek guidance from friends and relatives when it comes to online privacy, according to a survey (.pdf) published Aug. 15 by Pew Research Center and Harvard University.
Pilots testing identity solutions that follow the guiding principles of the National Strategy for Trusted Identities in Cyberspace have revealed confusion around functional roles--a problem that was initially thought to be a mere "terminology disconnect" among stakeholders.