NIST Supply Chain Security Guidance for CI/CD Environments

A CI/CD environment provides a foundation for the software delivery process by enabling software to be deployed more quickly and without interruption. The CI/CD process centers on automation and integration. In continuous integration (CI), developers commit small changes to their code on a constant basis; those changes are authenticated, built, tested, and merged into a common code repository.

Improving Security with Wallarm's NIST CSF 2.0 Dashboard

Ensuring the security of web applications and APIs is more critical than ever. With threats becoming increasingly prevalent and sophisticated, organizations need to employ comprehensive security measures to protect their digital assets. The NIST Cybersecurity Framework (CSF) 2.0 stands at the forefront of these efforts, offering a structured approach to managing cybersecurity risks.

Introducing NIST AI RMF: Monitor and mitigate AI risk

The pace and complexity of AI technologies are increasing every day. In this rapidly changing environment, it’s critical for companies to adopt a rigorous approach to safely and responsibly incorporating AI into their products and processes. That’s why we’re excited to announce that the NIST AI Risk Management Framework (RMF) is now available in beta.

Empowering DevSecOps: JFrog's Enterprise-Ready Platform for Federal NIST SP 800-218 Compliance

As an integrator or government agency providing mission-critical software, the question to ask yourself is “Is my software development environment NIST SP 800-218 compliant?”. Compliance with NIST SP 800-218 and the SSDF (Secure Software Development Framework) is mandatory, and it’s time to ensure your software supply chain is compliant.

NIST SP 800-162 Attribute Based Access Control (ABAC) Guide

NIST SP 800-162 ‘Guide to Attribute Based Access Control (ABAC) Definition and Considerations’ is a special publication that defines attribute-based access control (ABAC) for U.S. government agencies. It also provides guidance on using ABAC to improve and maintain control of information sharing within and between organizations and best practices for ABAC implementations.

NIST server hardening: Guide for NIST 800-123

The NIST SP 800-123 Guide to General Server Security contains NIST recommendations on how to secure your servers. It offers general advice and guidelines on how you should approach this mission. Its aim is to assist organizations in understanding the fundamental activities they need to undertake to secure their servers. Regulations such as HIPAA, HITRUST, CMMC, and many others rely on those recommendations, requiring organizations to enforce and comply with the guide.

How to Comply with NIST SP 800-171 Revision 3

The National Institute of Standards and Technology (NIST) developed the NIST 800-171 framework to set guidelines and security requirements for protecting controlled unclassified information (CUI). NIST first created the framework in June 2015 but has since revised the publication several times, most recently in November 2023.

The 443 Podcast - Episode 275 - NIST Tackles Adversarial AI

This week on the podcast, we review NIST's new publication that defines a taxonomy for how we talk about Adversarial Machine Learning. Before that, we cover a recent discovery of threat actors retaining access to Google accounts even through a password reset. We round out the episode with an account compromise that led to a surge in Bitcoin price before finishing with a discussion of Living-off-Trusted Sites (LoTS) attacks that leverage GitHub.

Developing an Effective NIST Disaster Recovery Policy and Template

In an era where cyber threats are increasingly sophisticated and unpredictable, prioritizing risk management has become critical. Cybersecurity breaches, whether from malware, ransomware, or other attacks, can inflict substantial damage on your organization’s infrastructure and reputation. However, it’s not just about cyber threats.

NIST Cybersecurity Framework 2.0: The Key Changes to Know About

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) has been a stalwart ally for organizations for years, providing guidance on understanding, evaluating and communicating about cybersecurity risks. The release of NIST CSF 2.0, expected in early 2024, provides a paradigm shift. This blog post provides an in-depth exploration of the structure of the NIST CSF and the key changes coming in version 2.0.