CISO Corner: Breaking Staff Burnout, GPT-4 Exploits, Rebalancing NIST
SecOps highlights this week include the executive role in "cyber readiness;" Cisco's Hypershield promise; and Middle East cyber ops heat up.
NIST publishes cybersecurity standards and guidance that organizations use to assess risk, strengthen controls, and improve resilience.
Search across headline titles and summaries.
Background for this topic.
NIST is the U.S. National Institute of Standards and Technology, a Commerce Department agency that develops technical standards, measurements, and cybersecurity guidance. Practitioners use the Cybersecurity Framework (CSF) to organize security outcomes, the SP 800 series for controls and practices, and the Risk Management Framework (RMF) to assess and authorize information systems. NIST guidance is generally voluntary for private organizations; particular standards can become mandatory for federal systems through law, regulation, or contract.
NIST gives security teams a common vocabulary for assessing gaps, selecting safeguards, and documenting risk decisions across the security lifecycle. Its publications address areas including authentication, incident handling, privacy, secure software development, and supply-chain risk. NIST’s National Vulnerability Database supports vulnerability management, but its entries and severity scores require validation against an organization’s assets, exposure, and exploitability. News under this tag may concern a draft, revision, or federal requirement, so practitioners should check the document’s version and applicability before treating guidance as a required control.
SecOps highlights this week include the executive role in "cyber readiness;" Cisco's Hypershield promise; and Middle East cyber ops heat up.
The missing ingredient in NIST's newest cybersecurity framework? Recovery.
An open letter signed by 50 cybersecurity practitioners requires the US Congress to support NIST in restoring operations at the National Vulnerability Database
The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys