Blog Posts Tagged with "NIST"

Federal CIO Vivek Kundra Warns of IT Vendor Cartel

July 22, 2011 Added by: Headlines

In what could best be described as a proclamation reminiscent of Eisenhower's admonition of the powerful "military industrial complex", outgoing Federal CIO Vivek Kundra issued statements warning of security risks compounded by "an IT cartel" of vendors perpetuating big contract boondoggles...

Where is the Focus on Randomness in Cryptography?

June 27, 2011 Added by: Emmett Jorgensen

The risk in using an RNG that is not truly random stems from the ability of an attacker analyzing the encrypted data and potentially discovering patterns to the encryption. This could allow some type of reverse engineering of the encrypted data or keys...

The NIST EMAP is Out

June 11, 2011 Added by: Anton Chuvakin

The Event Management Automation Protocol (EMAP) is a suite of interoperable specifications designed to standardize the communication of event management data. EMAP is an emerging protocol within the NIST Security Automation Program, and is a peer to similar automation protocols...

Commerce Department Calls for Security Code of Conduct

June 09, 2011 Added by: Headlines

"A key role for government is to assist industry in developing these voluntary codes of conduct. These codes of conduct should aim to unify various technical standards that currently exist and identify a broad set of responsibilities that industry members can use as a baseline..."

NIST Releases Draft of Cloud Computing Synopsis

May 17, 2011 Added by: Headlines

Organizations should be aware of the security issues that exist in cloud computing. As complex networked systems, clouds are affected by traditional computer and network security issues such as the needs to provide data confidentiality, data integrity, and system availability...

Detailed FISMA Logging Guidance Continued

April 18, 2011 Added by: Anton Chuvakin

Configuring tools needs to happen after the policy is created. Goals first, infrastructure choices second. In case of privacy and other regulations on top of FISMA, the legal department should also have their say, however unpalatable it may be to the security team...

Detailed FISMA Logging Guidance

April 14, 2011 Added by: Anton Chuvakin

FISMA emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to secure the information systems that support its operations and assets. Here is what is likely needed for a successful FISMA-driven log management implementation...

Next Generation Power Grid Security

March 22, 2011 Added by: Ben Rothke

With the benefits of AMI come security and privacy issues, and those open the metering infrastructure to thieves, stalkers, and a range of other threats. AMI also opens up a new set of privacy issues in that the AMI devices will be collecting significant amounts of personal energy data...

Complete PCI DSS Log Review Procedures Part 18 FINAL

March 22, 2011 Added by: Anton Chuvakin

For log exceptions copied from log aggregation tool or from the original log file, make sure that the entire log is copied, especially its time stamp, which is likely to be different from the time of this record, and the system from which it came - what/when/where, etc...

Do You Know About Heavyweight NERC CIP 011-1?

March 13, 2011 Added by: Ron Lepofsky

Electrical utilities are already challenged with the process of becoming certified for compliance with the NERC CIP standard for IT security. The NERC CIP standard is evolving, thank goodness. Perhaps you haven’t noticed the innocuous sounding proposed new standard now in the creation process...

On Cloud Logging Standards and Unique IDs

March 07, 2011 Added by: Anton Chuvakin

Cloud computing, as defined by NIST, has inherent multi-tenancy, elasticity, immediate provisioning and other fun properties, not found in traditional applications and platforms – whether distributed or not. All of these happen to affect accountability, auditability and transparency...

Federal Cloud Computing Strategy Officially Launched

February 20, 2011 Added by: Kevin L. Jackson

Cloud computing allows the Federal Government to use its IT investments in a more innovative way and to adopt innovations from the private sector. Cloud computing will also help IT services take advantage of leading-edge technologies including devices such as tablet computers and smart phones...

Department of Energy Takes on Smart Grid Security

February 19, 2011 Added by: David Navetta

The core team has invited stakeholders from across the utility sector to participate in the initiative, including representatives from the Federal Energy Regulatory Commission, the Department of Homeland Security, and both publicly and privately-owned utilities...

More On The Cloud And PCI Compliance

January 28, 2011 Added by: PCI Guru

PCI DSS can be applied to “the cloud” in its existing form. Then where is the problem? The first problem with “the cloud” is in defining “the cloud.” If you were to ask every vendor of cloud computing to define “the cloud,” I will guarantee you will get a unique answer from each vendor asked...

NIST Launches Cloud Computing Collaboration Twiki

January 10, 2011 Added by: Kevin L. Jackson

The National Institute of Standards and Technology (NIST) has been designated by Federal Chief Information Officer Vivek Kundra to accelerate the federal government’s secure adoption of cloud computing by leading efforts to develop standards and guidelines...

National Defense Authorization Act Omits Cybersecurity

December 22, 2010 Added by: Headlines

The omitted language includes the creation of a White House-based office to coordinate cybersecurity efforts and the creation of a Federal Cybersecurity Practice Board to enforce Federal Information Security Management Act compliance and implementation of NIST recommendations...
