Information Technology Lab (ITL) at NIST
January - March 2022 Newsletter
NIST Launches New International Cybersecurity and Privacy Resources Website
Every day, NIST cybersecurity and privacy resources are being used throughout the world to help organizations manage cybersecurity and privacy risks. To assist our international colleagues, NIST has launched a new International Cybersecurity and Privacy Resources Site. The site includes translations of the Cybersecurity Framework, including a newly published Indonesian translation. You can get more information and add to this list by reaching out to intl-cyber-privacy@nist.gov. Check out this site for information on upcoming international events with NIST participation, links to these international engagement update blogs, information on our international standards development work, and more.
CULTIVATING TRUST IN IT AND METROLOGY
FEATURE STORIES
The President’s Executive Order (EO) on “Improving the Nation’s Cybersecurity (14028),” issued on May 12, 2021, charges multiple agencies – including NIST – with enhancing cybersecurity through initiatives related to the security and integrity of the software supply chain. Section 4 called for NIST to publish a variety of guidance that identifies practices to enhance software supply chain security, with references to standards, procedures, and criteria. The EO also directed NIST to initiate two labeling programs related to the Internet of Things (IoT) and software to inform consumers about the security of their products.
To ensure that federal employees have a broader set of modern options for accessing facilities and electronic resources, the National Institute of Standards and Technology (NIST) has increased the number of acceptable types of credentials that federal agencies can permit as official digital identity. The increase is part of the latest update to Federal Information Processing Standard (FIPS) 201, which specifies the credentials that can be used by federal employees and contractors to access federal sites. The update, formally titled FIPS 201-3: Personal Identity Verification (PIV) of Federal Employees and Contractors, also allows for remote identity proofing and issuing, in addition to doing so in person, as was previously required.
Previous posts in this series have explored differential privacy for traditional data analytics tasks, such as aggregate queries over database tables. What if we want to use state-of-the-art techniques like machine learning? Can we achieve differential privacy for these tasks, too? Machine learning is increasingly being used for sensitive tasks like medical diagnosis. In this context, we would like to ensure that machine learning algorithms do not memorize sensitive information about the training set, such as the specific medical histories of individual patients. As we’ll see in this post, differentially private machine learning algorithms can be used to quantify and bound leakage of private information from the learner’s training data. In particular, they allow us to prevent memorization and responsibly train models on sensitive data.
STAFF SPOTLIGHT
Lucas Brady, Physicist
Congratulations to Lucas Brady, who has been selected as the winner of the 2021 USRA Q2B Applied NISQ Computing Paper Award. The paper, entitled “Behavior of Quantum Algorithms,” was co-authored with Lucas Kocia (Sandia Labs and a former ACMD NRC postdoc), Przemyslaw Bienias (UMD), Aniruddha Bapat (UMD), Yaroslav Kharkov (UMD), and Alexey Gorshkov (NIST PML).
NIST Team Won Physics World 2021 Breakthrough Of The Year
Congratulations to Joe Aumentado, Katarina Cicak, Shawn Geller, Scott Glancy, Manny Knill, Alex Kwiatkowski, Florent Lecocq, Ezad Shojaee, Raymond W. Simmonds, and John Teufel, who are the recipients of the Physics World 2021 Breakthrough of the Year for entangling two macroscopic vibrating drumheads, thereby advancing our understanding of the divide between quantum and classical systems.
SUCCESS STORIES
In efforts to limit the spread of disease while preserving privacy, an interdisciplinary research team at the National Institute of Standards and Technology (NIST) has designed and tested low-cost devices and methods that can detect when people or animals come into close contact with each other. The wearable devices combine commercial Bluetooth radio hardware with NIST cryptographic features. While not always reliable in estimating the distance between wearers, the NIST system may be useful for research on how people and animals move through spaces and interact. The system may offer advantages over contact tracing using smartphones, which are not used consistently in certain settings and may be less private.
NOTABLE QUOTES
“Evidence generated during the system life cycle is essential to building assurance cases for systems being deployed in the critical infrastructure.”
- Ron Ross, ITL Fellow