The Armed Forces Communications and Electronics Association (AFCEA)'s SIGNAL Magazine highlighted the recent Federal Identity (FedID) Understanding of Identity Meetup at the National Cybersecurity Center of Excellence (NCCoE) in Rockville, Maryland, on June 20. The event brought together government officials, military leaders and private sector professionals for a candid discussion of issues relating to the federal implementation of identity assurance in the digital world.
The Chief Information Security Officers Council (CISO Council) sought to produce the “CISO Handbook” – a compendium of key information and actionable templates and processes – to provide a “one stop shop” for new and emerging information security professionals to begin their upskilling into future cybersecurity executives. The Handbook is a foundational document that will help agency leadership drive transformational workforce changes in a standardized, repeatable manner and create greater collaboration and coordination across agencies to address systemic cybersecurity challenges. This document highlights the NCCoE's cybersecurity practice guides, Special Publication 1800 series.
The National Institute of Standards and Technology (NIST) Computer Security Resource Center (CSRC) has a wealth of resources targeting specific cybersecurity challenges in the public and private sectors. These practical, user-friendly guides can help your practice facilitate the adoption of standards-based approaches to cybersecurity.
The public/private partnership is alive and folks at NIST, the National Cybersecurity Center of Excellence and others have recently revised guidelines to help modernize, looking at open standards such as OAuth, Fast Identity Online (FIDO), OpenID and others to try and help solve this problem. Biometric identity authentication on a government-trusted device, and the use of a FIPS-validated hardware token like the Yubico Yubikey for replacement of a CAC or PIV card will make agency life easier on the path to IT modernization.
Critical infrastructure is dependent on electricity. If the electric grid were shut down by a cyberattack, crucial functions of daily life ranging from ATM and online banking transactions to heating and cooling your homes – and shopping for food and gasoline – would come to a halt. The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence collaborates with utility companies, technology vendors, government agencies and academia to produce example solutions. These solutions can then be adopted by the energy sector and tailored to their environment to address cybersecurity challenges.
Yubico’s recent collaboration with the U.S. National Institute of Standards (NIST) and National Cyber Center of Excellence (NCCoE) resulted in a three-volume draft practice guide for the improvement of mobile authentication methods for public safety professionals and first responders. In emergency situations, time is of the essence. Minutes and even seconds can sometimes mean the difference between life and death. The joint project was developed with this in mind, with the ultimate goal of creating reliable and secure mobile platforms that can be quickly accessed.
The National Institute of Standards and Technology (NIST) has announced that it will be seeking industry input on developing use cases for its framework of cybersecurity standards related to patient imaging devices. NIST’s latest announcement is directed at eventually providing security guidance for the healthcare sector’s most common uses of data.
The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence today issued a request for technical expertise and products to help improve the cybersecurity of Picture Archiving and Communications Systems, widely used for treatment and diagnosis in hospitals. In a Federal Register notice, NIST “invites organizations to provide products and technical expertise to support and demonstrate security platforms” for the cybersecurity of PACS, which comprise medical imaging technology used for storing and presenting images produced by MRIs, X-rays, CT scanners, and other devices.
Working with the private sector, NIST’s National Cybersecurity Center of Excellence created a platform that uses Domain Name System security extensions and authentication to ensure the validity of email signatures. In two separate test scenarios NIST ran, a fraudulent actor attempted to pose as a trusted email source, and the security platform thwarted the spoofing attack.
This article discusses how the National Cybersecurity Center of Excellence (NCCoE) develops practical and usable cybersecurity guidance that can be adopted across industries, including the healthcare sector. The NCCoE works across public-private partnerships to create the National Institute of Standards and Technology (NIST) Special Publication (SP)1800 Series practice guides that are focused on specific industry challenges that companies can adopt for use.