"The appeal of NIST’s Cybersecurity Framework was so strong in Japan that the country’s Information Technology-Promotion Agency, or IPA, became the first foreign entity to translate the Framework fully from its English language version into another language in 2014." - via Cynthia Brumfield's Why NIST Is So Popular In Japan? published on Cyberscoop
via George V. Hulme, writing at DXC.Technology, comes a superlative blog post targeting Blockchain, and it's meteoric rise to the top of the bright and shiny things list (at least for those interested in such baubles...). At any rate, George's fine article details the National Institute of Science and Technolgy's (NIST) take on that rise. Today's Must Read.
The National Institute of Standards and Technology (NIST) National Center for Cybersecurity Excellence (NCCOE) has released it's latest draft medical device related security document, entitled 'NIST Special Publication 1800-8 Cybersecurity Special Publication 1800-8 Securing Wireless Infusion Pumps - In Healthcare Delivery Organizations'. Authored by Gavin O'Brien, Sallie Edwards, Kevin Littlefield, Neil McNab, Sue Wang and Kangmin Zheng - the document is available as either a PDF or web-based artifact. Enjoy.
"Medical devices, such as infusion pumps, were once standalone instruments that interacted only with the patient or medical provider. With technological improvements designed to enhance patient care, these devices now connect wirelessly to a variety of systems, networks, and other tools within a healthcare delivery organization (HDO) – ultimately contributing to the Internet of Medical Things (IoMT)." - via the National Center for Cybersecurity Excellence (NCCOE)
The NCCoE has announced a new NIST Cybersecurity Practice Guide (currently in draft mode - for your commenting pleasure...) and entitled - "SP 1800-7 Situational Awareness for Electric Utilities. Enjoy.
NIST 2015 Cybersecurity Innovation Forum has been scheduled for September 9, 2015 through September 11, 2015, at the Walter E. Washington Convention Center in Washington, D.C. The three day forum is sectioned into four tracks icluding Security Automation, Trusted Computing, Information Sharing and Cybersecurity Research. Register for the 2015 Cybersecurity Innovation Forum here.
Of interest is the Center's Building Block Updates. Comprised of DNS-Based Secured Email and Derived PIV Credentials, the NCCOE is certainly moving forward (as opposed to executing a flawed mandate laterally, as many Agencies appear to be orchestrating as of this writing...) as we had hoped for at the inception of the Center of Excellence. Outstanding!
The Cybersecurity Research Alliance (CSRA) (in partnership with NIST), has announced open registration for the organization's latest conference, entitled 'Designed-in Cybersecurity for Smart Cities: A Discussion of Unifying Architectures, Standards, Lessons Learned and R&D Strategies'. Slated for May 27th and 28th 2015, at the National Institute of Standards and Technology Gaithersburg, Maryland campus. Visit the Conference Site for additional information.
Earlier this month (in April 2015 if you are reading this post in the far distant future...) the National Institute of Standards and Technology (NIST) released NIST Draft NISTIR 8050; in which, an interesting summary appears of a technical workshop held at Stanford University in conjuction with the Presidents' Cybersecurity Summit.
Pursuant to completeing the draft cycle of the document, the National Cybersecurity Center of Excellence NNCoE (a Center of Excellence and a component of NIST) has issued a Call for Comments, focusing on the content of that document. In this instance, related to your agency, company, buereau, department, country or other organizations' information and/or cybersecurity issues. I've included a link to NISTIR 8050 to assist in fulfilling the Call for Comments. Enjoy.
NIST, the National Institute of Standards and Technology, has released a new internal report targeting replication device risk management (Replication devices reproduce images, objects or documents from an electronic or physical source, et cetera).
Entitled NIST Internal Report 8023 Risk Management for Replication Devices, the report provides clear and correct guidance to establish in-house methods, policies and procedures in the effort to provision the data stored within replication systems using the well-used infosecurity triad (Confidentiality, Integrity and Availability) as a baseline.
Replication devices are the perfect example of the so-called 'soft-underbelly' in many (if not all) organizations. These systems are quite often utilized for intelligence gathering activities due to on-board storage and other facilities that enable footprinting of historical data, thereby establishing timelines, and of course, all important raw data to accompany those timelines.