Another US institution of world-wide significance being gutted.
Almost a dozen top cybersecurity experts from the US National Institute of Standards and Technology (NIST) have taken the administration's retirement offers and are leaving the agency.
According to CybersecurityDive, the experts had worked in #NIST's Computer Security Division (CSD).
Their retirement will impact NIST's capacity to deliver standards for emerging technologies like quantum computing and artificial intelligence
https://www.cybersecuritydive.com/news/nist-cyber-retirements-quantum-ai-research-standards/747270/
We are having a discussion about split-horizon #dns and whether or not it's a good idea in terms of cybersecurity and administration. I could not find any definitive answer from #ANSSI, #NIST or #Microsoft. What is your take on that? Kind poke @bert_hubert.
@jens and this is how #NIST destroyed any #reputation left post-#DUAL_EC_DRBG!
@jens nods in agreement
Older standards do get declared deprecated, but that means they'll remain in the books still to reference for historical reasons.
This has been the norm for everyone, regardless of whether it's DIN, ISO, IEC, IEEE or IETF....
Imagine if IEC decided to basically scrap all other AC power connectors but IEC 6320 C19/C20, IEC60906-1 & IEC60309 125A 400 V 3L+N+PE 6h and tell electricians to "GTFO!" when it comes to anything else.
This is worse than what the Nazis did with DIN, cuz even they didn't fuck with standardization AFAIK!
Headlines don't get much better than this...
"#NIST Standardizes #Stool for #Microbiome #Research"
Plans, Policies, and Procedures: NIST AI RMF
A set of industry-neutral guidelines released by the National Institute of Standards and Technology (NIST).
https://blackcatwhitehatsecurity.com
#Plans #Policies #Procedures #NIST #AI #RMF #technology
Plans, Policies, and Procedures: NIST CSF 2.0
Structured around six core functions, each representing a critical aspect of an effective cybersecurity program.
https://blackcatwhitehatsecurity.com
#Plans #Policies #Procedures #NIST #CSF #technology
Plans, Policies, and Procedures: NIST SP 800-171
A NIST Special Publication that provides recommended requirements for protecting the confidentiality of controlled unclassified information (CUI).
https://blackcatwhitehatsecurity.com
#Plans #Policies #Procedures #NIST #technology
Plans, Policies, and Procedures: NIST SP 800-53
An information security standard that provides a catalog of privacy and security controls for information systems.
https://blackcatwhitehatsecurity.com
#Plans #Policies #Procedures #NIST #SP #800-53 #technology
Plans, Policies, and Procedures: NIST SP 800-61
This publication assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.
https://blackcatwhitehatsecurity.com
#Plans #Policies #Procedures #NIST #technology
Oh wow, another atomic clock to tell us we're late for our meetings! Because what the world needed was a timepiece with a fancier name...
Bravo, #NIST, for giving us the luxury of being precisely late on #government time.
https://www.nist.gov/news-events/news/2025/04/new-atomic-fountain-clock-joins-elite-group-keeps-world-time #atomicclock #timekeeping #technology #humor #HackerNews #ngated
Death by a 1000 Paper Cuts...
Numerous US federal agencies that contribute to our national cybersecurity defenses have suffered sweeping job and program cuts. These cutbacks put the US at a disadvantage in its efforts to mitigate cybercrimes, cyber espionage, and other cyber-enabled attacks by criminal and state (sponsored) actors.
Political pundits at The Bulwark are much better informed than I to examine the broad ramifications of a weakened US cybersecurity presence. I will take you closer to ground zero by sharing three examples of cyber-enabled activities that are real and imminent threats to you, your organization, or your friends and family.
https://interisle.substack.com/p/death-by-1000-paper-cuts-how-foreign?r=59cehk
Threat Actors Don’t Care About Your Compliance Score
https://youtu.be/mYsSUR6z6BA . #cybersecurity #GRC #audits #documentation #threatactors #vulnerabilities #threathunting #riskmanagement #compliance #NIST #CMMC
iX Workshop IT Security: Planning, commissioning and analysing pentests methodically
Step by step to a secure system: plan, commission and evaluate penetration tests methodically to find vulnerabilities in your own IT.
Overview of the new revision of NIST 800-61 on incident response
In this article I would like to look at the standard NIST 800-61r3, "Incident Response Recommendations and Considerations for Cybersecurity Risk Management", which was released just days ago. The superseded standard 800-61r2, released back in 2012, has been completely reworked, and the current version differs substantially in its structure and in its approach to responding to computer security incidents.
"Asian crime syndicates are running cyber scam centers at a hyperscale, earning tens of billions of dollars and expanding into new markets westward." www.darkreading.com/threat-intel... #cybersec #cybercrime #natsec #CISA #NIST #tech #data #security
#FBI "released its Internet Crime Report 2024, highlighting US$16.6 billion in losses reported to the Internet Crime Complaint Center ( #IC3) over the past year." industrialcyber.co/reports/fbis... #cybersec #ransomware #phishing #tech #data #cybercrime #natsec #CISA #NIST #security
"#War #Manifesto On #Compliance Frameworks:
Turning #Protocols, #Regulations & #Standards Into Monetization Weapons
(#BaselIII, #CCPA, #Dodd-Frank, #ESG, #GDPR, #HIPAA, #HITECH, #IATF16949, #IEC/ISO #9001/#14001/#27001/#45001, #NIST, #PCI #DSS, #SOC 1/2/3, #SOX & All Other Current/Future #Frameworks)"
Daniel J. Bernstein (#djb, to those who know and love him [1]) has a new blog entry about the NIST post-quantum #cryptography standardization process that's been ongoing for some years. Also, follow him @djb .
If you're not aware of some of the controversy about how NIST is running this process, it's a must-read.
https://blog.cr.yp.to/20250423-mceliece.html
My $0.02: it sure looks like NIST is backstopping an attempt by the NSA to get everyone to standardize on cryptography #standards that the #NSA knows how to break.
Again.
Yes, they did it before. If you read up on the Dual_EC calamity and its fallout, and how this time it was supposed to be different - open, transparent, secure - then prepare to be disappointed. NIST is playing #Calvinball with their rules for this contest, yanking the rug out from under contenders that appear to be more #secure and better understood, while pushing alternatives that are objectively worse (#weaker encryption, less studied, poorer #performance).
Frankly, I think organizations outside of the #USA would be foolish to trust anything that comes out of #NIST's current work. Well, those inside the USA too, but some of those may be forced by law to use whatever NIST certifies.
[1] Some people think djb is "prickly", not lovable. Oddly, it seems that the only people who say this are those who are wildly incorrect about code/algorithms and are being gently but publicly corrected by djb at the time.