Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

NIST and CVE Grading - The 443 Podcast - Episode 377

This week on the podcast, we take a look at the impact of the US National Institute of Standards and Technology (NIST) backing away from their previous role of enriching vulnerability CVE records. Before that, we discuss Huntress's insider threat drama before ending with an AI-assisted vulnerability discovery in the Front Gate Tickets platform.

NIST 800-53 Controls: Master Implementation in 2026

You're probably in one of two situations right now. Either an auditor has asked for proof that your controls operate, or your SOC is collecting plenty of telemetry but nobody can cleanly map that activity back to NIST 800-53 controls. Both problems usually come from the same gap. The framework lives in policy binders, while the evidence lives in scattered tools. That gap gets painful fast in FedRAMP, CMMC-aligned, and other regulated environments.

NIST Privileged Access Management: Complying with the NIST Requirements

Privileged accounts are the crown jewels of any IT environment. Admin credentials, root access, service accounts. These are what attackers go after first, because compromising one can hand them the entire organization. Forrester puts the number at 80% of security breaches involving privileged accounts. NIST frameworks, particularly SP 800-53, exist to make sure you're not leaving that door unlocked.

How State and County Law Enforcement Use AccessPatrol to Meet CJIS and NIST 800-53 Requirements

I spent nearly a decade in the U.S. Federal Government, including roles at the White House, the U.S. Department of Commerce, and the U.S. Senate. I later advised public sector clients on technology and strategic growth problems at Accenture. The same pattern showed up everywhere I went. Agencies invest in sophisticated network defenses.

Our comments to NIST: AI agent security starts with human identity verification

AI agents have developed advanced capabilities faster than most would have imagined. In enterprise contexts, workforces are delegating more and more tasks to them. While the promise of increased productivity is enticing, the shift from deterministic automated tools to agentic autonomous systems introduces security risks that most enterprises haven’t prepared for.

NIST AI Risk Management Framework (AI RMF): Everything you need to know

Accelerating security solutions for small businesses‍ Tagore offers strategic services to small businesses. A partnership that can scale‍ Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors‍ Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

NIST's NVD Shift Changes the Rules for Vulnerability Management

NIST’s recent update to the National Vulnerability Database (NVD) marks a turning point for enterprise vulnerability management teams. It’s not broken; it hit scale limits that NIST was forced to address. Now, every vulnerability management program built around it has a problem.

What NIST's mDL guidance means for the future of digital identity

The latest National Institute of Standards and Technology (NIST) draft guidance on mobile driver’s licenses(mDLs) is about more than one use case or credential type. While the draft primarily focuses on the financial sector due to its high-assurance requirements, the bigger takeaway is that government-issued identity can be cryptographically verified and shared more selectively.

An Introduction to the NIST Risk Management Framework (RMF)

While inherently critical to today’s businesses that run on data, implementing and enforcing data security and privacy has never been straightforward. Between collecting different types of sensitive data and deploying unique architectures, organizations cannot adopt a one-size-fits-all solution, meaning that every security architecture is unique.