A NIST practice guide contains suggestions for how to prevent the use of stolen credit card data in online shopping. The guide, currently in draft format and expected to post in final form in June, is designed to help prevent credential stuffing and account takeovers, as well as remedy vulnerabilities such as failure to lock out users who enter multiple incorrect passwords. The guidelines work with existing technologies, NCCoE says; the agency worked with RSA and Splunk, among others, to test the ideas. The guide does not study how security would work for customers who prefer to shop as a guest or who shop on mobile devices.

The National Institute of Standards and Technology is seeking comment on guidelines for preventing unauthorized access to connected “Internet of Things” consumer devices by malicious actors, for use in launching distributed denial of service attacks or other internet disruptions and privacy breaches.

As technology, threats, and industry dynamics continue to evolve, NIST must continue to evolve to stay relevant. At RSA 2019, for instance, a lot of the NIST discussion centered on how the Institute’s approach to privacy needs to adapt to GDPR. Thankfully, cybersecurity practitioners have resources to weather these changes and continue to implement the framework. NIST’s National Cybersecurity Center of Excellence (NCCoE) features practice guides and other tools to navigate challenges ranging from managing complexities and efficiencies, to simplifying compliance through automated reports and documentation.

Just last month, the National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), published guidance for public and private companies to protect mobile devices and help prevent data breaches. The publication, titled “Mobile Device Security: Cloud and Hybrid Build,” is a how to guide for companies to secure mobile devices using commercially available technology.