ITL Newsletter March - April 2021

National Institute of Standards and Technology (NIST) sent this bulletin at 04/12/2021 09:58 AM EDT

View As Web Page

Information Technology Lab (ITL) at NIST

March - April 2021 Newsletter

Credit: B. Hayes/NIST

NIST Finalizes Cybersecurity Guidance for Positioning, Navigation, and Timing Systems

As part of an effort to help users apply its well-known Cybersecurity Framework (CSF) as broadly and effectively as possible, NIST has released finalized cybersecurity guidance for positioning, navigation, and timing (PNT) services.

Formally titled Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services (NISTIR 8323), the document is part of NIST’s response to the February 12, 2020, Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services. To develop the profile, NIST sought public input regarding the general use of PNT data before releasing a draft version in October 2020. The finalized version reflects public comments NIST received on the draft.

CULTIVATING TRUST IN IT AND METROLOGY

FEATURE STORIES

2021: What's Ahead from NIST in Cybersecurity and Privacy?

In 2020, NIST prioritized helping individuals and organizations shift to a more online environment to keep people safe and our economy productive. Despite the many challenges brought by the pandemic, we were fortunate to be able to continue our work on an array of new resources to help manage cybersecurity and privacy risks. As NIST looks ahead to the “new normal,” we plan to build on lessons learned during the pandemic and to be even more strategic in anticipating and tackling the many challenges before us.

NIST Offers Tools to Help Defend Against State-Sponsored Hackers

Nations around the world are adding cyberwarfare to their arsenals, employing highly skilled teams to launch attacks against other countries. These adversaries are also called the “advanced persistent threat,” or APT, because they possess the tools and resources to pursue their objectives repeatedly over an extended period, adapting to defenders’ efforts to resist them.

STAFF SPOTLIGHT

Ram Sriram

Chief, Software and Systems Division
Congratulations to Ram Sriram, recipient of a 2021 Distinguished Alumni Award from the Indian Institute of Technology, Madras.

Elham Tabassi

Chief of Staff, ITL
Congratulations to Elham Tabassi, recipient of a 2021 Federal 100 Award.

Victoria Yan Pillitteri

Acting Manager, Security Engineering and Risk Management Group Congratulations to Victoria Yan Pillitteri, recipient of a 2021 Federal 100 Award.

ITL IN THE NEWS

IoT Security in the Wake of the Verkada Breach | Security Boulevard
NIST Password Guidelines 2021: Challenging Traditional Password Management | Security Boulevard
New Internet of Things (IoT) Cybersecurity Law’s Far Reaching Impacts | LexBlog
NIST Smart Grid Framework Update Focus is Interoperability | RT Insights
The Importance of Supply Chain Risk Management in Government | FedTech
Boyens: NIST’s Expertise on Supply Chain Risk to Inform Work of Federal Acquisition Security Council | Inside Cybersecurity

PUBLICATIONS

LOOKING AHEAD

CONFERENCES & EVENTS

On April 27^th-29^th, NIST will host the SP 800-90B Entropy Source Validation Workshop.

On April 27^th, NIST will host the 2021 Federal Cybersecurity Workforce Summit (Virtual). The summit will feature colleagues who are working first-hand on initiatives geared toward attracting and strengthening vital cybersecurity talent.

On June 7^th-9^th, NIST will host the Third PQC Standardization Conference.

On June 17^th, NIST will host IRIS Experts Group Meeting (2021).

SUCCESS STORIES

NICE Framework Success Stories: Cybersecurity Curricula at Morgan State University

In February, NICE launched a new effort aimed at highlighting and sharing successful uses of the NICE Framework. The NICE Framework Success Stories—short, easily read summaries—profile organizations that have used the NICE Framework, emphasizing their drivers, processes, and outcomes. One of the first of these is from Morgan State University, which shares about their effort to map cybersecurity courses to the NICE Framework with the help of a cybersecurity curriculum development tool developed with funding from the NSA. As a result of these efforts, a database now allows searches for Morgan State cybersecurity content aligned to NICE Framework KSAs and Work Roles on a dynamic website that further allows the use of AI to assist with curriculum development.

NOTABLE QUOTES

“A lot of efforts to secure PNT services were underway before we started developing this profile, but there was no official benchmark for risk mitigation that anyone could use.”

- Jim McCarthy, Senior Security Engineer, NCCoE