Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Depending on the industry, location, and business operations of your organization, you may have any number of cybersecurity regulations to comply with. Keeping track of each law that affects your organization and the various requirements associated with them can be overwhelming, but the consequences of noncompliance are often far worse.

Passwords are bad, and our whole industry is trying to move away from these simple strings granting access to our systems. But change is slow, and adopting newer standards is difficult, even if passwords are deeply problematic. Now, the National Institute of Standards and Technology (NIST) is updating the core standard for authentication – and it adopts the “new school” of password policies.

Resilience is one of the hottest topics of the moment, but for good reason. For most organizations, suffering a cyberattack is a matter of when, not if. Attackers are, lamentably, always one step ahead of defenders and, as such, responding to an attack and maintaining business operations have become arguably more important than protecting an organization in the first place.

Imagine compliance is like a driving application. You know your location and you plug in the destination address, then it shows you the route’s overview. If you want a more specific map, you can zoom in a bit and get more details. Similarly, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and it’s most recent revision provide the overview roadmap for your compliance journey.

NIST 800-53B, Control Baselines for Information Systems and Organizations, offers security and privacy control baselines for the Federal Government. It serves as a companion to NIST Special Publication (SP) 800-53, Revision 5, which outlines security and privacy controls for information systems and organizations.

So, you're considering integrating the NIST CSF 2.0 (National Institute of Standards and Technology Cybersecurity Framework) into your cybersecurity practices. Congratulations! You've taken the first step toward improving your organization's cybersecurity posture. However, you may need clarification about the best approach to aligning your cybersecurity practices with the NIST CSF.

DFARS compliance involves following regulations set by the U.S. Department of Defense for contractors and subcontractors, focusing on cybersecurity, supply chain risk management, and protecting sensitive information like Controlled Unclassified Information (CUI).

The National Institute of Standards and Technology (NIST) is a US government agency that develops standards and guidelines for cybersecurity and technology. The purpose of these guidelines is to protect sensitive information, especially for those companies working with the government.

On August 13th, 2024, the US National Institute of Standards and Technology (NIST) published the first three cryptographic standards designed to resist an attack from quantum computers: ML-KEM, ML-DSA, and SLH-DSA. This announcement marks a significant milestone for ensuring that today’s communications remain secure in a future world where large-scale quantum computers are a reality.

NIST has long been an important acronym in the world of cybersecurity, where organizations have for years used the NIST Cybersecurity Framework to help guide their security investments. But the practices and controls associated with NIST have evolved recently, due to the release of NIST 2.0. If you’re stuck in the era of NIST 1.x, it’s time to adapt.