Skip to main content

Tag: national institute of standards and technology

83 articles

Overflowing inbox with papers and a prominent rating sheet on top.

NIST Scales Back Vulnerability Ratings Amid Surge in Submissions

The National Institute of Standards and Technology is overhauling its vulnerability rating system, scaling back severity scores for lower-priority flaws as submissions surge. This change means some software flaws will no longer get a severity score, shifting focus to the most critical vulnerabilities.

Analyst 207
digital identity: Must-Have Defenses to Stop Risky Breaches

digital identity: Must-Have Defenses to Stop Risky Breaches

Now more than ever, digital identity—the credentials, attributes and policies for people, devices and AI agents—is the first and last line of defense; treat service accounts, API keys and tokens with the same rigor as human credentials to stop one misconfiguration or stolen token from triggering a catastrophic breach.

Analyst 207
integrated incident response: Must-Have Best Practices

integrated incident response: Must-Have Best Practices

When alarms won’t stop, what counts is not the noise but how quickly your teams move from scattered alerts to coordinated action. Unifying IT, security and continuity — with shared telemetry, playbooks and rehearsed handoffs — speeds recovery, protects people and keeps trust intact.

Analyst 207
penetration testing: Must-Have Tips to Avoid Risky Costs

penetration testing: Must-Have Tips to Avoid Risky Costs

Passing a pen test feels great — until the invoice arrives and the same vulnerability makes the headlines, exposing whether you paid for real security or just a shiny compliance report. Treat testing as continuous, threat-informed risk management: scope by business impact, budget for remediation and retesting, and combine automated checks with expert red teams to avoid costly surprises.

Analyst 207
public Wi‑Fi Must-Have Security: Best Practices

public Wi‑Fi Must-Have Security: Best Practices

Free public Wi‑Fi brings huge civic benefits—but every hotspot is also a potential entry point for attackers, so CISOs must balance easy access with strong defenses. Prioritize segmentation, modern authentication, vendor controls, and clear public onboarding so communities stay connected without exposing municipal systems or citizen data.

Analyst 207
Embed AI Now: Must-Have Fix to Reduce Risk

Embed AI Now: Must-Have Fix to Reduce Risk

AI can find vulnerabilities in seconds but also flood teams with noisy alerts — embedding AI thoughtfully with context-aware scoring, human-in-the-loop checks, and better telemetry turns automation into a force-multiplier that speeds remediation and reduces risk.

Analyst 207
AI and machine learning: Must-Have Best Efficiency Boost

AI and machine learning: Must-Have Best Efficiency Boost

From outdated systems to AI-powered workflows, federal agencies can speed services, cut backlogs, and predict risks to stretch scarce resources — but doing it right means modernizing data, upskilling staff, and baking in strong safeguards so innovation boosts efficiency without sacrificing accountability.

Analyst 207
Cybersecurity Testbed and Learning: Must-Have, Best Fit

Cybersecurity Testbed and Learning: Must-Have, Best Fit

Ditch the theory-only classroom—NIST’s Cybersecurity Testbed and Learning plugs students into real-world research environments where hands-on experiments, mentorship, and standards-driven projects turn curiosity into career-ready skills. The result: more confident graduates, faster-to-contribute hires, and a stronger, ethics-minded pipeline for tackling today’s digital threats.

Analyst 207
reducing cyber risk: Must-Have Culture for Best Defense

reducing cyber risk: Must-Have Culture for Best Defense

Technology can only take you so far—attackers now target people and culture, not just systems. Building a stronger security culture with clear policies, consistent training, and aligned incentives is the simplest, most effective way to cut cyber risk.

Analyst 207
facial recognition: Stunning Risks Expose Flaws

facial recognition: Stunning Risks Expose Flaws

Lab-perfect facial recognition often stumbles in the real world—poor lighting, low-quality cameras, masks and demographic bias can turn high benchmark scores into risky guesses on the street. Before we let cameras decide who’s innocent or guilty, we need real-world testing, transparency, and rules that protect people.

Analyst 207
White House plan: Stunning but Risky Advantage vs China

White House plan: Stunning but Risky Advantage vs China

The White House’s new AI plan marshals funding, procurement, and standards to help the U.S. close the gap with China—but critics warn it could entrench big tech, squeeze startups, and spur a risky tech cold war. Whether it accelerates broad innovation or simply concentrates power will come down to how wisely the plan is implemented.

Analyst 207
NIST Cyber AI Profile: Must-Have Guide to Best Defenses

NIST Cyber AI Profile: Must-Have Guide to Best Defenses

NIST’s Cyber AI Profile brings technologists, policymakers, and everyday users together to build practical defenses against AI-enabled attacks—balancing strong security with the innovation that powers our digital lives.

Analyst 207
AI Cybersecurity Threats: Must-Have Best Practices

AI Cybersecurity Threats: Must-Have Best Practices

AI can be both defender and threat—and NIST’s NCCoE is leading virtual sessions to shape the Cyber AI Profile, offering practical guidance to spot AI-enabled risks and harden defenses. Whether you’re a technologist, policymaker, or business leader, this essential guide shows how to harness AI safely and stay ahead of evolving cyber threats.

Analyst 207
AI Cyber Defense: Must-Have Strategies for Best Security

AI Cyber Defense: Must-Have Strategies for Best Security

Join NIST NCCoE’s virtual working sessions to explore how the Cyber AI Profile can harness AI to sharpen threat detection, cut alert fatigue, and strengthen defenses—while tackling the ethical and security risks that come with it. Technologists, policymakers, and practitioners are invited to collaborate and shape trustworthy, practical AI-driven cybersecurity solutions.

Analyst 207
Zero Trust Architecture Must-Have Best Practices

Zero Trust Architecture Must-Have Best Practices

As threats outpace perimeter defenses, NIST’s practical Zero Trust guide shows how to move from assumed safety to continuous verification using everyday tools like MFA, IAM, micro‑segmentation, and telemetry. Start with high‑impact, low‑effort steps and treat Zero Trust as an ongoing program to cut risk without slowing your business.

Analyst 207
IoT security standards: Must-Have Best Defenses

IoT security standards: Must-Have Best Defenses

As IoT devices weave into our homes and critical systems, securing their initial provisioning is essential—NIST SP 1800-36 offers practical, actionable guidance to harden credential issuance and reduce breaches. By adopting its best practices for strong device identity, secure bootstrapping, and lifecycle management, manufacturers, integrators, and users can close a major attack vector and restore trust in connected tech.

Analyst 207
NIST Privacy Framework: Must-Have for Stronger Security

NIST Privacy Framework: Must-Have for Stronger Security

NIST just overhauled its Privacy Framework to make protecting personal data simpler, more actionable, and better aligned with cybersecurity practices. The update helps organizations of all sizes bake privacy into product design, respond faster to threats, and rebuild trust with users.

Analyst 207
Industrial Digital Ecosystem: Must-Have Best Practices

Industrial Digital Ecosystem: Must-Have Best Practices

Imagine an industrial revolution powered not by lone breakthroughs but by a connected ecosystem where shared data, common standards, and built-in trust let factories and supply chains plug in and innovate together. The Open Industrial Digital Ecosystem Summit showed how inclusive governance, security-first design, and interoperable semantics can unlock faster innovation, lower costs, and fairer access for businesses of all sizes.

Analyst 207
PoisonSeed Hack: Must-Have Warning of Risky Breach

PoisonSeed Hack: Must-Have Warning of Risky Breach

The PoisonSeed Hack reveals how clever QR-based phishing can trick FIDO authenticators—meaning even “phishing-resistant” logins can be hijacked when users approve vague prompts. Learn how to spot fake QR flows, tighten approval UX, and train teams so attackers can’t exploit convenience and trust.

Analyst 207
Quantum cryptography: Stunning Simplicity, Best Defense

Quantum cryptography: Stunning Simplicity, Best Defense

Quantum computing is forcing a rethink: do we chase mathematically dazzling but fragile schemes, or choose clear, well-tested algorithms that actually protect real systems? Peter Gutmann’s blunt critique of NIST’s post‑quantum work is a wake‑up call to prioritize simplicity, transparency, and deployability alongside theoretical strength.

Analyst 207
Digital Citizen Services: Must-Have Security Best Practices

Digital Citizen Services: Must-Have Security Best Practices

As cities move services online, recent attacks on Hoboken and Killeen show that convenience brings real risk—security must be built in, not bolted on, to protect services, data, and public trust. By investing in people, policies, and modern tech now, municipalities can turn vulnerability into resilience before the next outage.

Analyst 207
Legal Metrology: Must-Have Guide to Best Digital Standards

Legal Metrology: Must-Have Guide to Best Digital Standards

As sensors, algorithms and cloud services replace needles and balances, legal metrology must modernize to keep commerce fair and consumers safe—this practical guide lays out the digital standards, tools and steps regulators, developers and businesses need for transparent, auditable measurements. Learn how to balance innovation with enforceable rules—from cryptographic attestation and continuous conformity to clear consumer verification—so technology builds trust, not confusion.

Analyst 207
Iris Recognition: Must-Have Best Practices for Privacy

Iris Recognition: Must-Have Best Practices for Privacy

At the Iris Experts Group Annual Meeting, technologists, policymakers, and privacy advocates came together to chart a path for making iris recognition more accurate, fair, and secure—without sacrificing civil liberties. The result: concrete steps on better algorithms, interoperable standards, independent audits, and privacy-by-design practices to build trust as this powerful technology goes mainstream.

Analyst 207
5G cybersecurity Must-Have: Best Protection Guide

5G cybersecurity Must-Have: Best Protection Guide

As 5G spreads, new cyber risks multiply—NCCoE’s latest white paper lays out practical, must-have principles to design secure 5G networks from the ground up. Whether you’re a tech leader or policymaker, this guide helps you balance innovation and safety to protect devices, data, and critical infrastructure.

Analyst 207