Skip to main content

Tag: nist

112 articles

Agentic AI: Essential, Effortless Adoption for Government

Agentic AI: Essential, Effortless Adoption for Government

Agentic AI—systems that act, decide and learn on their own—could streamline government operations and turbocharge crisis response. But it also creates fresh accountability and security risks, forcing agencies to choose how boldly to adopt it.

Analyst 207
3 Ways to Bolster Security: Must-Have Best Practices

3 Ways to Bolster Security: Must-Have Best Practices

Make Cybersecurity Awareness Month count: pause the shiny projects and shore up the fundamentals—tighten identity and access, prioritize vulnerability and attack‑surface reduction, and practice detection and response until it’s second nature. These simple, disciplined moves block the paths attackers love and cut risk far more than expensive, scattershot initiatives.

Analyst 207
Managed Identities: A Must-Have, Effortless Security Shift

Managed Identities: A Must-Have, Effortless Security Shift

Ditch brittle, hard‑coded secrets and give your apps platform‑native managed identities that auto‑rotate—security that just works. The payoff: fewer breaches, less ops overhead, and faster developer velocity.

Analyst 207
3 Steps to Tighten Security for Cybersecurity Month

3 Steps to Tighten Security for Cybersecurity Month

This Cybersecurity Awareness Month, forget flashy purchases and run a short, disciplined campaign to fix the basics: tighten identity and access controls, prioritize vulnerability management and attack‑surface reduction, and rehearse detection and response — small, focused moves that stop most breaches. Start now and turn playbooks into muscle memory before the next incident.

Analyst 207
digital identity: Must-Have Defenses to Stop Risky Breaches

digital identity: Must-Have Defenses to Stop Risky Breaches

Now more than ever, digital identity—the credentials, attributes and policies for people, devices and AI agents—is the first and last line of defense; treat service accounts, API keys and tokens with the same rigor as human credentials to stop one misconfiguration or stolen token from triggering a catastrophic breach.

Analyst 207
AI in security: Must-Have Best Practices for Resilience

AI in security: Must-Have Best Practices for Resilience

AI can supercharge defenses — but only if we secure the AI stack; discover practical best practices to protect data, harden models, and keep automation from becoming a single point of failure.

Analyst 207
zero trust Must-Have: Europe’s Best Security Playbook

zero trust Must-Have: Europe’s Best Security Playbook

Across Europe, zero trust has moved from IT theory to a regulatory expectation—policymakers now expect identity-centric controls, measurable resilience and risk reporting, so organizations must re-architect defenses or accept growing exposure. Start pragmatically: protect your highest-value assets with IAM, MFA and segmentation, measure risk reduction, and build privacy-preserving telemetry as you go.

Analyst 207
penetration testing: Must-Have Tips to Avoid Risky Costs

penetration testing: Must-Have Tips to Avoid Risky Costs

Passing a pen test feels great — until the invoice arrives and the same vulnerability makes the headlines, exposing whether you paid for real security or just a shiny compliance report. Treat testing as continuous, threat-informed risk management: scope by business impact, budget for remediation and retesting, and combine automated checks with expert red teams to avoid costly surprises.

Analyst 207
public Wi‑Fi Must-Have Security: Best Practices

public Wi‑Fi Must-Have Security: Best Practices

Free public Wi‑Fi brings huge civic benefits—but every hotspot is also a potential entry point for attackers, so CISOs must balance easy access with strong defenses. Prioritize segmentation, modern authentication, vendor controls, and clear public onboarding so communities stay connected without exposing municipal systems or citizen data.

Analyst 207
delivery of pentest results: Must-Have Best Practices

delivery of pentest results: Must-Have Best Practices

Penetration testing uncovers real attack paths, but static PDFs and emails let critical fixes stall — automating delivery into ticketing, CI/CD, and dashboards turns findings into fast, measurable remediation. Adopt continuous workflows to shrink exposure windows, boost collaboration, and make pen-test insights actually stick.

Analyst 207
Cursor Visual Studio extension: Stunning Risky Flaw

Cursor Visual Studio extension: Stunning Risky Flaw

A newly disclosed autorun flaw in the Cursor Visual Studio extension can let a repo run arbitrary code just by opening it—audit your extensions, open untrusted projects in isolated VMs or containers, and update or disable Cursor until it’s patched.

Analyst 207
hardware security Must-Have Standards for Best Defense

hardware security Must-Have Standards for Best Defense

As global tensions and supply‑chain shocks put chips at the center of national security, SUSHI@NIST is bringing engineers, industry and policy makers together to create measurable standards that make next‑gen hardware verifiably secure. If successful, those standards could turn trust into a testable feature of every device — lowering risk for buyers and raising the bar for attackers.

Analyst 207
in-space circular economy: Exclusive Must-Have for Safety

in-space circular economy: Exclusive Must-Have for Safety

Could we build a thriving market in orbit where satellites are repaired, parts recycled, and space resources harvested—without turning Earth’s skies into a junkyard? At NIST’s second seminar, engineers, policymakers, and industry leaders pushed the conversation from big ideas to practical standards, incentives, and next steps to make that vision real.

Analyst 207
Cybersecurity Testbed and Learning: Must-Have, Best Fit

Cybersecurity Testbed and Learning: Must-Have, Best Fit

Ditch the theory-only classroom—NIST’s Cybersecurity Testbed and Learning plugs students into real-world research environments where hands-on experiments, mentorship, and standards-driven projects turn curiosity into career-ready skills. The result: more confident graduates, faster-to-contribute hires, and a stronger, ethics-minded pipeline for tackling today’s digital threats.

Analyst 207
reducing cyber risk: Must-Have Culture for Best Defense

reducing cyber risk: Must-Have Culture for Best Defense

Technology can only take you so far—attackers now target people and culture, not just systems. Building a stronger security culture with clear policies, consistent training, and aligned incentives is the simplest, most effective way to cut cyber risk.

Analyst 207
facial recognition: Stunning Risks Expose Flaws

facial recognition: Stunning Risks Expose Flaws

Lab-perfect facial recognition often stumbles in the real world—poor lighting, low-quality cameras, masks and demographic bias can turn high benchmark scores into risky guesses on the street. Before we let cameras decide who’s innocent or guilty, we need real-world testing, transparency, and rules that protect people.

Analyst 207
White House plan: Stunning but Risky Advantage vs China

White House plan: Stunning but Risky Advantage vs China

The White House’s new AI plan marshals funding, procurement, and standards to help the U.S. close the gap with China—but critics warn it could entrench big tech, squeeze startups, and spur a risky tech cold war. Whether it accelerates broad innovation or simply concentrates power will come down to how wisely the plan is implemented.

Analyst 207
AI Cybersecurity Threats: Must-Have Best Practices

AI Cybersecurity Threats: Must-Have Best Practices

AI can be both defender and threat—and NIST’s NCCoE is leading virtual sessions to shape the Cyber AI Profile, offering practical guidance to spot AI-enabled risks and harden defenses. Whether you’re a technologist, policymaker, or business leader, this essential guide shows how to harness AI safely and stay ahead of evolving cyber threats.

Analyst 207
DevSecOps: Must-Have Best Practices for Ultimate Security

DevSecOps: Must-Have Best Practices for Ultimate Security

Join NIST NCCoE’s virtual event on August 27, 2025 to learn practical DevSecOps best practices from leading experts and discover how to weave security into every step of your software lifecycle. With cybercrime costs soaring, this is your chance to balance speed and safety through automation, compliance tips, and real-world lessons that make your software more resilient.

Analyst 207
Secure Software Development: Must-Have Best Practices

Secure Software Development: Must-Have Best Practices

Worried about the security of the software we all depend on? Join NIST NCCoE’s interactive DevSecOps virtual event on August 27, 2025, to hear experts, learn practical secure development practices, and help turn security from an afterthought into a foundation for every project.

Analyst 207
Business-Critical Assets: Must-Have Best Protection

Business-Critical Assets: Must-Have Best Protection

Protecting the assets that keep your business running isn’t just an IT task—it’s a strategic must; learn six practical, proven lessons to spot, prioritize, and defend the systems and data that power your revenue and operations. From risk-based prioritization and continuous monitoring to building a security-aware culture and testing response plans, these steps help you stay resilient as threats evolve.

Analyst 207
Securing AI Systems: Insights from NIST NCCoE Virtual Sessions

Securing AI Systems: Insights from NIST NCCoE Virtual Sessions

Join the conversation on securing our AI future! Discover how NISTs collaborative virtual sessions are paving the way for a robust Cyber AI Profile, ensuring that as AI becomes integral to our lives, it stays safe from evolving cyber threats.

Analyst 207
Comment Now on Draft SP 800-53 Controls for Secure Patches

Comment Now on Draft SP 800-53 Controls for Secure Patches

Join the conversation on NISTs draft updates to SP 800-53 and discover how these new guidelines can transform your approach to securing software patches—because safeguarding your systems has never been more crucial!

Analyst 207
Quantum Code Breaking: Why an 8-Bit Computer Outshines It

Quantum Code Breaking: Why an 8-Bit Computer Outshines It

In a surprising twist, an 8-bit computer might just steal the spotlight from quantum computing in the race to secure our most sensitive data. Join the debate and discover why experts like Peter Gutmann are raising eyebrows over the hype surrounding quantum code breaking!

Analyst 207