NIST SP 800-172 (Formerly SP 800-171B) Release Couldn't Come at a Better Time

NIST’s timely new release of Special Publication (SP) 800-172 (formerly referred to in draft form as 800-171B) provides exactly what its title says, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171. Yet it goes a step further to protect controlled unclassified information (CUI) specifically from APTs.


What Is the NIST Cybersecurity Framework?

With cyber threats rapidly evolving and data volumes expanding exponentially, many organizations are struggling to ensure proper security. Implementing a solid cybersecurity framework (CSF) can help you protect your business. One of the best frameworks comes from the National Institute of Standards and Technology. This guide provides an overview of the NIST CSF, including its principles, benefits and key components.


CMMC vs NIST: What's the Difference?

If your firm is a government contractor working with the U.S. Department of Defense, or works anywhere in the DoD supply chain, brace for big changes in the cybersecurity requirements your business will need to meet. By 2026, the Defense Department will require its contractors to comply with new cybersecurity standards known as the Cybersecurity Maturity Model Certification — CMMC, for short.

Featured Post

Security Monitoring and Risk Analysis for Office 365 - A maintainable Journey

The NIST framework tells us that it is crucial to treat security as both an action that is not a singular fix but a chorus of proactive and reactive measures. It also teaches us that it is a continuous journey. In this article, we shall apply these concepts of measures and continuous journeys to some real-world examples. Here we choose Office 365 as, for many organizations, it exposes the dominant risk surface.

What is NIST Framework in risk management? How to implement?

In 2013, the U.S. President, Barack Obama, passed an order to boost cybersecurity. The order required the development of a risk-based cybersecurity framework for managing cybersecurity risks for essential infrastructure services. A framework was later developed through an international partnership between small and large businesses spearheaded by the National Institute of Standards and Technology (NIST). Here is a look at the NIST Cybersecurity framework and why it is essential.


NIST 800-53: A Guide to Compliance

The NIST 800-53 standard offers solid guidance for how organizations should select and maintain customized security and privacy controls for their information systems. NIST SP 800-53 Revision 5 is one of many compliance documents you need to familiarize yourself with if you are working with information technology. This post breaks it down for you into digestible pieces that emphasize the standard’s practical meaning and application.


Redscan analysis of NIST NVD reveals record number of critical and high severity vulnerabilities in 2020

The report is based on an analysis of more than 18,000 Common Vulnerabilities and Exposures (CVEs) logged to NIST’s National Vulnerability Database in 2020. It reveals that well over half (57%) were rated ‘high’ or ‘critical’ severity – the highest recorded figure for any year to date. Our analysis also looks beyond severity scores, detailing the rise of low complexity vulnerabilities as well as those which require no user interaction to exploit.


Accelerate Compliance of NIST SP 800-63-3 with ForgeRock

No matter how much security and interoperability it brings, the thought of ‘compliance’ always brings a resigned sigh. Yet, from the U.S. Federal Government (Fed) to state and local governments and educational institutions (SLED), complying with guidelines and standards is a must not only for security but for interoperability and cost reduction.


NIST Cybersecurity Framework - The Key to Critical Infrastructure Cyber Resiliency

In the digital age, organizations and the missions and business processes they support rely on information technology and information systems to achieve their mission and business objectives. Not only is technology used to efficiently enable businesses to carry out operational activities, but it is also the backbone for the United States’ critical infrastructure.


NIST SP 800-128 - Because Patching May Never Fix Your Hidden Flaws

Over the last few years, the idea of patching systems to correct flaws has graduated from an annoying business disruption to a top priority. With all of the notorious vulnerabilities that can wreak total havoc, the time it takes to patch becomes a minor inconvenience when weighed against both the technical challenges and possible regulatory penalties of not patching.