Tag: national institute of standards and technology
83 articles

NIST Scales Back Vulnerability Ratings Amid Surge in Submissions
The National Institute of Standards and Technology is overhauling its vulnerability rating system, scaling back severity scores for lower-priority flaws as submissions surge. This change means some software flaws will no longer get a severity score, shifting focus to the most critical vulnerabilities.

digital identity: Must-Have Defenses to Stop Risky Breaches
Now more than ever, digital identity—the credentials, attributes and policies for people, devices and AI agents—is the first and last line of defense; treat service accounts, API keys and tokens with the same rigor as human credentials to stop one misconfiguration or stolen token from triggering a catastrophic breach.

integrated incident response: Must-Have Best Practices
When alarms won’t stop, what counts is not the noise but how quickly your teams move from scattered alerts to coordinated action. Unifying IT, security and continuity — with shared telemetry, playbooks and rehearsed handoffs — speeds recovery, protects people and keeps trust intact.

penetration testing: Must-Have Tips to Avoid Risky Costs
Passing a pen test feels great — until the invoice arrives and the same vulnerability makes the headlines, exposing whether you paid for real security or just a shiny compliance report. Treat testing as continuous, threat-informed risk management: scope by business impact, budget for remediation and retesting, and combine automated checks with expert red teams to avoid costly surprises.

public Wi‑Fi Must-Have Security: Best Practices
Free public Wi‑Fi brings huge civic benefits—but every hotspot is also a potential entry point for attackers, so CISOs must balance easy access with strong defenses. Prioritize segmentation, modern authentication, vendor controls, and clear public onboarding so communities stay connected without exposing municipal systems or citizen data.

Embed AI Now: Must-Have Fix to Reduce Risk
AI can find vulnerabilities in seconds but also flood teams with noisy alerts — embedding AI thoughtfully with context-aware scoring, human-in-the-loop checks, and better telemetry turns automation into a force-multiplier that speeds remediation and reduces risk.

AI and machine learning: Must-Have Best Efficiency Boost
From outdated systems to AI-powered workflows, federal agencies can speed services, cut backlogs, and predict risks to stretch scarce resources — but doing it right means modernizing data, upskilling staff, and baking in strong safeguards so innovation boosts efficiency without sacrificing accountability.

Cybersecurity Testbed and Learning: Must-Have, Best Fit
Ditch the theory-only classroom—NIST’s Cybersecurity Testbed and Learning plugs students into real-world research environments where hands-on experiments, mentorship, and standards-driven projects turn curiosity into career-ready skills. The result: more confident graduates, faster-to-contribute hires, and a stronger, ethics-minded pipeline for tackling today’s digital threats.

reducing cyber risk: Must-Have Culture for Best Defense
Technology can only take you so far—attackers now target people and culture, not just systems. Building a stronger security culture with clear policies, consistent training, and aligned incentives is the simplest, most effective way to cut cyber risk.

facial recognition: Stunning Risks Expose Flaws
Lab-perfect facial recognition often stumbles in the real world—poor lighting, low-quality cameras, masks and demographic bias can turn high benchmark scores into risky guesses on the street. Before we let cameras decide who’s innocent or guilty, we need real-world testing, transparency, and rules that protect people.

White House plan: Stunning but Risky Advantage vs China
The White House’s new AI plan marshals funding, procurement, and standards to help the U.S. close the gap with China—but critics warn it could entrench big tech, squeeze startups, and spur a risky tech cold war. Whether it accelerates broad innovation or simply concentrates power will come down to how wisely the plan is implemented.

NIST Cyber AI Profile: Must-Have Guide to Best Defenses
NIST’s Cyber AI Profile brings technologists, policymakers, and everyday users together to build practical defenses against AI-enabled attacks—balancing strong security with the innovation that powers our digital lives.

AI Cybersecurity Threats: Must-Have Best Practices
AI can be both defender and threat—and NIST’s NCCoE is leading virtual sessions to shape the Cyber AI Profile, offering practical guidance to spot AI-enabled risks and harden defenses. Whether you’re a technologist, policymaker, or business leader, this essential guide shows how to harness AI safely and stay ahead of evolving cyber threats.

AI Cyber Defense: Must-Have Strategies for Best Security
Join NIST NCCoE’s virtual working sessions to explore how the Cyber AI Profile can harness AI to sharpen threat detection, cut alert fatigue, and strengthen defenses—while tackling the ethical and security risks that come with it. Technologists, policymakers, and practitioners are invited to collaborate and shape trustworthy, practical AI-driven cybersecurity solutions.

Zero Trust Architecture Must-Have Best Practices
As threats outpace perimeter defenses, NIST’s practical Zero Trust guide shows how to move from assumed safety to continuous verification using everyday tools like MFA, IAM, micro‑segmentation, and telemetry. Start with high‑impact, low‑effort steps and treat Zero Trust as an ongoing program to cut risk without slowing your business.

IoT security standards: Must-Have Best Defenses
As IoT devices weave into our homes and critical systems, securing their initial provisioning is essential—NIST SP 1800-36 offers practical, actionable guidance to harden credential issuance and reduce breaches. By adopting its best practices for strong device identity, secure bootstrapping, and lifecycle management, manufacturers, integrators, and users can close a major attack vector and restore trust in connected tech.

NIST Privacy Framework: Must-Have for Stronger Security
NIST just overhauled its Privacy Framework to make protecting personal data simpler, more actionable, and better aligned with cybersecurity practices. The update helps organizations of all sizes bake privacy into product design, respond faster to threats, and rebuild trust with users.

Industrial Digital Ecosystem: Must-Have Best Practices
Imagine an industrial revolution powered not by lone breakthroughs but by a connected ecosystem where shared data, common standards, and built-in trust let factories and supply chains plug in and innovate together. The Open Industrial Digital Ecosystem Summit showed how inclusive governance, security-first design, and interoperable semantics can unlock faster innovation, lower costs, and fairer access for businesses of all sizes.

PoisonSeed Hack: Must-Have Warning of Risky Breach
The PoisonSeed Hack reveals how clever QR-based phishing can trick FIDO authenticators—meaning even “phishing-resistant” logins can be hijacked when users approve vague prompts. Learn how to spot fake QR flows, tighten approval UX, and train teams so attackers can’t exploit convenience and trust.

Quantum cryptography: Stunning Simplicity, Best Defense
Quantum computing is forcing a rethink: do we chase mathematically dazzling but fragile schemes, or choose clear, well-tested algorithms that actually protect real systems? Peter Gutmann’s blunt critique of NIST’s post‑quantum work is a wake‑up call to prioritize simplicity, transparency, and deployability alongside theoretical strength.

Digital Citizen Services: Must-Have Security Best Practices
As cities move services online, recent attacks on Hoboken and Killeen show that convenience brings real risk—security must be built in, not bolted on, to protect services, data, and public trust. By investing in people, policies, and modern tech now, municipalities can turn vulnerability into resilience before the next outage.

Legal Metrology: Must-Have Guide to Best Digital Standards
As sensors, algorithms and cloud services replace needles and balances, legal metrology must modernize to keep commerce fair and consumers safe—this practical guide lays out the digital standards, tools and steps regulators, developers and businesses need for transparent, auditable measurements. Learn how to balance innovation with enforceable rules—from cryptographic attestation and continuous conformity to clear consumer verification—so technology builds trust, not confusion.

Iris Recognition: Must-Have Best Practices for Privacy
At the Iris Experts Group Annual Meeting, technologists, policymakers, and privacy advocates came together to chart a path for making iris recognition more accurate, fair, and secure—without sacrificing civil liberties. The result: concrete steps on better algorithms, interoperable standards, independent audits, and privacy-by-design practices to build trust as this powerful technology goes mainstream.

5G cybersecurity Must-Have: Best Protection Guide
As 5G spreads, new cyber risks multiply—NCCoE’s latest white paper lays out practical, must-have principles to design secure 5G networks from the ground up. Whether you’re a tech leader or policymaker, this guide helps you balance innovation and safety to protect devices, data, and critical infrastructure.