Latest Headlines

Latest Headlines

Government can help manufacturing innovation, Pritzker tells Senate committee

Through the administration proposed National Network for Manufacturing Innovation, the government can play a role in innovating the way products are manufactured in the United States by getting business to invest in new ideas behind manufcaturing methods, Commerce Secretary Penny Pritzker told a Senate panel Nov. 13.

DHS cybersecurity organizations lack resources for staffing, training

Hackers wishing to penetrate industrial control systems late at night or on the weekends will find their work mostly unhindered by ICS-CERT response, find Homeland Security Department auditors. In a newly released Oct. 24  report  (.pdf) from the DHS office of inspector general, auditors say the ICS-CERT--the DHS organization tasked with analyzing and investigating ICS incidents and vulnerabilities--only has enough personnel to operate 12 hours a day for five days per week.

NIST reviews its cryptographic standards development process

The National Institute of Standards and Technology will review its cryptographic standards development process and subject it to public comment and a formal review by an independent organization, the agency  announced  Nov. 1. In addition, Computer Security Division Chief Donna Dodson wrote that NIST will examine its existing body of cryptographic work and the procedures used to develop them, promising to address any cases where in retrospect the agency fell short "as quickly as possible."

Spotlight: NIST preliminary cybersecurity framework officially out for comment

The preliminary national critical infrastructure cybersecurity framework being developed by the National Institute of Standards and Technology is now officially open for comment following its...

NIST revises cybersecurity training special publication

In the draft –  NIST SP 800-16 R. 1, second draft, version two  (.pdf) – NIST notes that training differs from education, with the latter being led by the National Initiative for Cybersecurity Education. The NICE workforce  taxonomy  released in 2011 provides a framework for the education of cybersecurity workers, the draft says, whereas this NIST special publication focuses on how all federal workers will ensure government is information is secure.

Many unknowns pervade NIST preliminary cybersecurity framework

A  slightly-delayed  preliminary federal cybersecurity framework detailing cybersecurity standards meant for voluntary adoption by private sector operators of critical infrastructure that the National Institute of Standards and Technology released Tuesday still leaves unanswered questions about how adoption will be measured.

Audio: NIST officials discuss preliminary draft of private sector cybersecurity framework

The National Institute of Standards today release a much anticipated,  slightly delayed   preliminary draft  (.pdf) of the cybersecurity framework meant for voluntary adoption by private sector operators of critical infrastructure.

USPS offers a peek at cloud credential exchange

The Federal Cloud Credential Exchange will reduce the complexity of credentialing, speed up integration with identity providers, improve consumer privacy and ease of use, and cut agency authentication costs, said Douglas Glair, manager of digital partnerships and alliances at the Postal Service, during a recent presentation. The FCCX will serve as a single broker to authenticate consumers, so end-users won't have to obtain a new credential each time they interact with an agency application, he added.

NIST cybersecurity framework draft delayed by shutdown

The Oct. 10 deadline for the National Institute of Standards and Technology to issue a preliminary cybersecurity framework for private sector operators of critical infrastructure came and went without action, due to the ongoing government shutdown.

NIST: Cryptographic key management a challenge in the cloud

Generating and interacting with data in the cloud requires security capabilities dependent on the cryptographic keys--but managing these keys is complex in a cloud environment, says the National Institute of Standards and Technology in a recently published interagency report.