Blog

Blog
April 30, 2018  |  Bill Fisher and Teresa Thomas

The National Cybersecurity Center of Excellence’s (NCCoE’s) most recent practice guide, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders, aims to provide first responders with an efficient and secure means to access information from portable devices. This guide approaches security and efficiency from four angles: multifactor authentication (MFA), single sign-on (SSO), identity federation, and well-established standards.

Blog
April 17, 2018  |  Susan Prince

With the integration of mobile devices, including smartphones and tablets, into their daily lives people are changing how, where, and when they work. The office is no longer the only place where work gets done; users want access to the information they need using the devices that work best for them. Checking email or approving expense reports while out of the office are just a few examples of the flexibility that users desire to manage life in today’s fast-paced world. However, what should users do when the work involves sensitive information?

Blog
November 20, 2017  |  NIST

As part of a weeklong initiative called ‘DC CyberWeek’ (hosted by CyberScoop) to raise awareness in the cybersecurity community, the National Cybersecurity Center of Excellence (NCCoE)—part of NIST—hosted an event called ‘Coffee, cookies, and cybersecurity’ in Rockville, MD on October 19th.

Blog
August 31, 2017  |  Susan Prince

In collaboration with the financial services community and technology collaborators, the National Cybersecurity Center of Excellence (NCCoE) developed draft cybersecurity guidance, NIST Special Publication 1800-9: Access Rights Management for the Financial Services Sector, which uses standards-based, commercially available technologies and industry best practices to help financial services companies provide a more secure and efficient way to manage access to data and system. The draft guide is now open for public comment through October 31, 2017.

Blog
August 23, 2017  |  Caroline Tan, NCCoE Summer Intern

I learned that the concept of managing each transfer in a supply chain can be applied to the outputs of any company or organization. That basic understanding of product movement in planning, procurement, manufacturing, and delivery helped me transition into my internship at the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE). I was initially intimidated by the name and intellectual weight of the organization. These innovators—my now co-workers—were spearheading cybersecurity solutions for wireless infusion pumps, secure inter-domain routing, and identity and access management. And they even shed light on supply chain management, explaining to me that there is a possibility of risk at each transfer point and at each step in the process, not just with physical materials, but also with the critical intangibles such as data, software, and intellectual property. Here, I found an overlap that wasn’t deeply addressed in my supply chain course. I wanted to combine my undergraduate background and experience with the wealth of knowledge around me and contribute back to the organization.

Blog
June 27, 2017  |  Donna Dodson

As its name suggests, the internet of things will connect all kinds of things, bringing us a wealth of data about, well, everything that we can use to improve our lives. For example, internet-connected smart parking meters are helping people find available parking spaces, saving time, fuel and probably more than a few relationships. People are using fitness trackers to log their daily activity and achieve their fitness goals, making them healthier and happier. And technologies that promise to make travel safer and more convenient, such as self-driving cars and highway sensors that detect and adapt to real-time road conditions, are quickly moving from concept to reality.

Blog
March 07, 2017  |  Joshua M. Franklin and Christopher Brown

The 2017 RSA Conference offered great opportunities, as usual, for the NCCoE staff to learn from the cyber community and engage with industry. The conference supported an entire track of mobile security talks, and common themes included the intersection of mobile security/IoT, and the (lack) of privacy within mobile ecosystems. As the NCCoE continues its work in mobile device security, we were excited to see mobile security gaining more traction at the RSA Conference.

Blog
February 09, 2017  |  Sarah Kinling

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute for Standards and Technology (NIST), will demonstrate its current projects in San Francisco Feb. 13-17 at the RSA Conference and Orlando Feb 19-23 at the Healthcare Information and Management Systems Society Annual Conference & Exhibition (HIMSS17).

Blog
December 22, 2016  |  William Fisher and Marc Schneider

At approximately 7:00 a.m. ET on October 21, popular websites on the east coast appeared to go down, propelling a new type of distributed denial of service (DDoS) attack into the public spotlight. The malware involved in this incident, named Mirai leveraged Internet of Things (IoT) devices, such as DVRs and IP cameras, to form botnets. These botnets were used to target and disrupt core Internet services from domain name system (DNS) provider Dyn. As a malware strain, Mirai was already well known.

Blog
November 10, 2016  |  Tania Copper

On Wednesday November 9, 2016, the National Cybersecurity Center of Excellence (NCCoE) hosted “Cybersecurity in the Health Community,” part of the NCCoE Speaker Series. The event brought together a variety of cybersecurity professionals to the NCCoE campus to further the discussion on cybersecurity in the healthcare environment.