Latest Headlines

NSA inserted backdoor into NIST random number generator method

The NSA appears to have inserted a vulnerability into an encryption method adopted as a technical standard by NIST in 2006, says reporting based on more leaked documents from former intelligence contractor Edward Snowden. NIST said that it uses "a transparent, public process to rigorously vet our recommended standards. If vulnerabilities are found, we work with the cryptographic community to address them as quickly as possible."

New NIST technical specification allows derived PIV authentication for mobile devices

Agencies increasingly use, or plan to use, the biometric data PIV cards to control access to agency networks, but the rise of mobile devices has put a crimp in that, since card readers may easily be integrated into desktops or laptops, but not smartphones or tablets.

NIST discussion draft of cybersecurity framework leaves many unanswered questions

NIST released the discussion draft (.pdf) Aug. 28 in anticipation of a fourth workshop on the framework set to be held in Dallas Sept. 11-13. A preliminary framework is due this October, with a finalized version due in February.

USPS credentialing contract moves NSTIC forward

The Postal Service awarded Aug. 20 a $15 million contract to stand up a Federal Cloud Credential Exchange. The one-year pilot will create an authentication infrastructure that enables individuals to securely access online services at multiple federal agencies.

NIST proposes supply chain control overlay

A new proposed cybersecurity control overlay from the National Institute of Standards and Technology for federal agency supply chain risk management would add a new family of controls that would at minimum require tracking systems or components as they wind their way through the supply chain.

Pew-Harvard survey examines teens and online privacy

The majority of teens, 70 percent, seek guidance from friends and relatives when it comes to online privacy, according to a survey (.pdf) published Aug. 15 by Pew Research Center and Harvard University.

NSTIC pilots fuel discussion on identity functions

Pilots testing identity solutions that follow the guiding principles of the National Strategy for Trusted Identities in Cyberspace have revealed confusion around functional roles--a problem that was initially thought to be a mere "terminology disconnect" among stakeholders.

Commerce Dept. critical of liability protection as cybersecurity framework incentive

Liability protection as an incentive for private sector adoption of the cybersecurity framework under development by the National Institute of Standards and Technology requires further study, says the Commerce Department in a discussion paper that takes a skeptical view of the need for protection against tort claims and other possible private sector incentives.

NIST cybersecurity framework bill voted out of Senate committee

The Senate Commerce, Science and Transportation Committee passed by voice vote July 31 a cybersecurity bill that would codify into law the private sector cybersecurity framework called for by President Obama in a Feb. 12 executive order.

IT system security authorization more dynamic than in past, says NIST official

Perceptions about the information technology security authorization process as being archaic and bureaucratic aren't keeping pace with a shift to a risk-based approach being fostered by the National Institute of Standards and Technology and the Defense Department, said Ron Ross, a NIST cybersecurity official.