Announcements

Announcements
May 05, 2017

As the world rapidly embraces the Internet of Things, properly securing medical devices has grown challenging for most healthcare delivery organizations (HDOs). That’s because medical devices, such as infusion pumps, have evolved from standalone instruments that interacted only with the patient and a medical provider into devices that now connect wirelessly to a variety of systems, networks, and other platforms to enhance patient care, as part of the broader Internet of Medical Things (IoMT). As a result, cybersecurity risks have risen. Wireless infusion pump ecosystems, which include the pump, the network, and the data stored in and on a pump, face a range of potential threats, such as unauthorized access to protected health information (PHI), changes to prescribed drug doses, and interference with a pump’s intended function.

In collaboration with the healthcare community and manufacturers, the NCCoE developed cybersecurity guidance, draft NIST Special Publication 1800-8: Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, which uses standards-based, commercially available technologies and industry best practices to help HDOs strengthen the security of wireless infusion pumps within healthcare facilities. The draft guide is now open for public comment.  

Announcements
February 16, 2017  |  NIST

As part of their current cybersecurity efforts, many electric utilities monitor data from the various systems and devices they rely on to keep the power flowing and to secure both their information technology and facilities. Pulling these data together and correlating events across data streams can be a time-consuming process, so the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology collaborated with a team of experts from industry, academia and government to develop a guide utilities can use to improve situational awareness and better respond to potential cyber attacks.

Announcements
December 19, 2016  |  NIST NCCoE

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) released a Federal Register notice (FRN) for the Multifactor Authentication for e-Commerce project.

Announcements
December 15, 2016  |  NIST NCCoE

The National Cybersecurity Center of Excellence (NCCoE) released its final project description, Privacy-Enhanced Identity Federation. A Federal Register notice (FRN) has also been published, inviting technology vendors to participate in the project build.

Announcements
November 29, 2016  |  NIST NCCoE

The National Cybersecurity Center of Excellence (NCCoE) released its final project description, Mobile Application Single Sign-On, for the Public Safety/First Responder sector. A Federal Register notice (FRN) has also been published, inviting technology vendors to participate in the project build.

Announcements
November 14, 2016  |  Bill Newhouse

We know the importance of safeguarding our credit cards—we don’t leave them laying around in plain sight and we don’t share our PIN numbers. We are discriminating about where we save our credit card information online, and most of us try to use good passwords. However, we also know that there are malicious actors that want this information and are increasingly adept at retrieving it despite our best efforts.

Announcements
November 10, 2016  |  NIST

The U.S. Coast Guard (USCG) oversees approximately 800 waterfront facilities that, among other activities, transfer hazardous liquids between marine vessels and land-based pipelines, tanks or vehicles. These “maritime bulk liquid transfers” increasingly rely on computers to operate valves and pumps, monitor sensors and perform many other vital safety and security functions. This makes the whole system more vulnerable to cybersecurity issues ranging from malware to human error, and is the reason behind a new voluntary cybersecurity guide for the industry.

Announcements
November 02, 2016  |  Susan Prince

The National Cybersecurity Center of Excellence (NCCoE) invites comments on a draft practice guide to help organizations improve email security and defend against phishing, man-in-the-middle, and other types of email-based attacks. The draft guide, Domain Name Systems-Based Electronic Mail Security (NIST Special Publication 1800-6), demonstrates how commercially available technologies can help email service providers improve the security of email communications. 

Announcements
September 13, 2016  |  NIST

IT security departments have used guidance from NIST and other sources to help them defend the vulnerable connections between mobile devices and enterprise computer systems from malware, viruses and other types of attacks. Recently, organizations from both the public and private sectors have requested more specific information on threats and ways to mitigate them.

The draft Mobile Threat Catalogue (MTC) and the accompanying draft Assessing Threats to Mobile Devices & Infrastructure (NIST Interagency Report 8144 seek to answer those requests. To strengthen the catalogue, the authors request practitioners and experts in the field to review the catalogue and provide feedback and additional information. Please send comments on both projects to Nistir8144@nist.gov by October 12, 2016.

Announcements
September 11, 2016  |  Kathie Felix

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is exploring technology that can help vehicle-based law enforcement officers securely and quickly access multiple software applications and databases. A faster authentication process could provide immediate access in dangerous circumstances—and while a vehicle is in motion.