NIST Enrichment Reductions Impact CVE Coverage, Accuracy
The National Institute of Standards and Technology (NIST) scaled back the number of CVEs it selects for in-depth analysis, but the move has produced mixed results, according to researchers.
NIST publishes cybersecurity standards and guidance that organizations use to assess risk, strengthen controls, and improve resilience.
Search across headline titles and summaries.
Background for this topic.
NIST is the U.S. National Institute of Standards and Technology, a Commerce Department agency that develops technical standards, measurements, and cybersecurity guidance. Practitioners use the Cybersecurity Framework (CSF) to organize security outcomes, the SP 800 series for controls and practices, and the Risk Management Framework (RMF) to assess and authorize information systems. NIST guidance is generally voluntary for private organizations; particular standards can become mandatory for federal systems through law, regulation, or contract.
NIST gives security teams a common vocabulary for assessing gaps, selecting safeguards, and documenting risk decisions across the security lifecycle. Its publications address areas including authentication, incident handling, privacy, secure software development, and supply-chain risk. NIST’s National Vulnerability Database supports vulnerability management, but its entries and severity scores require validation against an organization’s assets, exposure, and exploitability. News under this tag may concern a draft, revision, or federal requirement, so practitioners should check the document’s version and applicability before treating guidance as a required control.
Weekly headline count for the current query.
The National Institute of Standards and Technology (NIST) scaled back the number of CVEs it selects for in-depth analysis, but the move has produced mixed results, according to researchers.
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.
The National Institute of Standards and Technology is carving a new path for vulnerability remediation by changing the way it prioritizes software flaws.
Federal agencies will no longer be required to solicit software bills of material (SBOMs) from tech vendors, nor attestations that they comply with NIST's Secure Software Development Framework (SSDF). What that means long term is unclear.
The U.S. National Institute of Standards and Technology released Security and Privacy Control version 5.2.0 to help organizations be more proactive regarding patching.
The US National Institute of Standards and Technology updated its Digital Identity Guidelines to match current threats. The document detailed technical recommendations as well as suggestions for organizations.
SP 1800-35 offers 19 examples of how to implement zero-trust architecture (ZTA) using off-the-shelf commercial technologies.
A new equation introduced by the National Institute of Standards and Technology (NIST) aims to offer a mathematical likelihood that a vulnerability has been exploited in the wild.
The U.S. National Institute of Standards and Technology (NIST) updated its Privacy Framework to work cohesively with its Cybersecurity Framework and guide organizations to develop stronger postures to handle privacy risks..
The changes will go into effect over the next several days to reflect which CVEs are being prioritized in the National Vulnerability Database (NVD).
The National Institute of Standards and Technology (NIST) released updated differential privacy guidelines for organizations to follow to protect personally identifiable information when sharing data.
The new Cloud Key Management Service is part of Google’s new roadmap for implementing the new NIST-based post-quantum cryptography (PQC) standards.
Episode #4: NIST's new post-quantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs the world of quantum computing from a cybersecurity practitioner's point of view -- with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology (GDIT) and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University.
NIST standardized three algorithms for post-quantum cryptography. What does that mean for the information and communications technology (ICT) industry?
The AI Incident Reporting and Security Enhancement Act would allow NIST to create a process for reporting and tracking vulnerabilities found in AI systems.
The latest draft version of NIST's password guidelines simplifies password management best practices and eliminates those that actually did not promote stronger security.
The release of new NIST quantum-proof cryptography standards signals it's time for cybersecurity teams to get serious about preparing for the rise of quantum threats.
Security experts welcomed the long-anticipated publication of the first post-quantum cryptographic standards as a significant milestone.
The new standards from NIST are designed for two tasks: general encryption and digital signatures.
Having a robust identity continuity plan is not just beneficial but essential for avoiding financially costly and potentially brand-damaging outages.