Tag: nist
112 articles

Agentic AI: Essential, Effortless Adoption for Government
Agentic AI—systems that act, decide and learn on their own—could streamline government operations and turbocharge crisis response. But it also creates fresh accountability and security risks, forcing agencies to choose how boldly to adopt it.

3 Ways to Bolster Security: Must-Have Best Practices
Make Cybersecurity Awareness Month count: pause the shiny projects and shore up the fundamentals—tighten identity and access, prioritize vulnerability and attack‑surface reduction, and practice detection and response until it’s second nature. These simple, disciplined moves block the paths attackers love and cut risk far more than expensive, scattershot initiatives.

Managed Identities: A Must-Have, Effortless Security Shift
Ditch brittle, hard‑coded secrets and give your apps platform‑native managed identities that auto‑rotate—security that just works. The payoff: fewer breaches, less ops overhead, and faster developer velocity.

3 Steps to Tighten Security for Cybersecurity Month
This Cybersecurity Awareness Month, forget flashy purchases and run a short, disciplined campaign to fix the basics: tighten identity and access controls, prioritize vulnerability management and attack‑surface reduction, and rehearse detection and response — small, focused moves that stop most breaches. Start now and turn playbooks into muscle memory before the next incident.

digital identity: Must-Have Defenses to Stop Risky Breaches
Now more than ever, digital identity—the credentials, attributes and policies for people, devices and AI agents—is the first and last line of defense; treat service accounts, API keys and tokens with the same rigor as human credentials to stop one misconfiguration or stolen token from triggering a catastrophic breach.

AI in security: Must-Have Best Practices for Resilience
AI can supercharge defenses — but only if we secure the AI stack; discover practical best practices to protect data, harden models, and keep automation from becoming a single point of failure.

zero trust Must-Have: Europe’s Best Security Playbook
Across Europe, zero trust has moved from IT theory to a regulatory expectation—policymakers now expect identity-centric controls, measurable resilience and risk reporting, so organizations must re-architect defenses or accept growing exposure. Start pragmatically: protect your highest-value assets with IAM, MFA and segmentation, measure risk reduction, and build privacy-preserving telemetry as you go.

penetration testing: Must-Have Tips to Avoid Risky Costs
Passing a pen test feels great — until the invoice arrives and the same vulnerability makes the headlines, exposing whether you paid for real security or just a shiny compliance report. Treat testing as continuous, threat-informed risk management: scope by business impact, budget for remediation and retesting, and combine automated checks with expert red teams to avoid costly surprises.

public Wi‑Fi Must-Have Security: Best Practices
Free public Wi‑Fi brings huge civic benefits—but every hotspot is also a potential entry point for attackers, so CISOs must balance easy access with strong defenses. Prioritize segmentation, modern authentication, vendor controls, and clear public onboarding so communities stay connected without exposing municipal systems or citizen data.

delivery of pentest results: Must-Have Best Practices
Penetration testing uncovers real attack paths, but static PDFs and emails let critical fixes stall — automating delivery into ticketing, CI/CD, and dashboards turns findings into fast, measurable remediation. Adopt continuous workflows to shrink exposure windows, boost collaboration, and make pen-test insights actually stick.

Cursor Visual Studio extension: Stunning Risky Flaw
A newly disclosed autorun flaw in the Cursor Visual Studio extension can let a repo run arbitrary code just by opening it—audit your extensions, open untrusted projects in isolated VMs or containers, and update or disable Cursor until it’s patched.

hardware security Must-Have Standards for Best Defense
As global tensions and supply‑chain shocks put chips at the center of national security, SUSHI@NIST is bringing engineers, industry and policy makers together to create measurable standards that make next‑gen hardware verifiably secure. If successful, those standards could turn trust into a testable feature of every device — lowering risk for buyers and raising the bar for attackers.

in-space circular economy: Exclusive Must-Have for Safety
Could we build a thriving market in orbit where satellites are repaired, parts recycled, and space resources harvested—without turning Earth’s skies into a junkyard? At NIST’s second seminar, engineers, policymakers, and industry leaders pushed the conversation from big ideas to practical standards, incentives, and next steps to make that vision real.

Cybersecurity Testbed and Learning: Must-Have, Best Fit
Ditch the theory-only classroom—NIST’s Cybersecurity Testbed and Learning plugs students into real-world research environments where hands-on experiments, mentorship, and standards-driven projects turn curiosity into career-ready skills. The result: more confident graduates, faster-to-contribute hires, and a stronger, ethics-minded pipeline for tackling today’s digital threats.

reducing cyber risk: Must-Have Culture for Best Defense
Technology can only take you so far—attackers now target people and culture, not just systems. Building a stronger security culture with clear policies, consistent training, and aligned incentives is the simplest, most effective way to cut cyber risk.

facial recognition: Stunning Risks Expose Flaws
Lab-perfect facial recognition often stumbles in the real world—poor lighting, low-quality cameras, masks and demographic bias can turn high benchmark scores into risky guesses on the street. Before we let cameras decide who’s innocent or guilty, we need real-world testing, transparency, and rules that protect people.

White House plan: Stunning but Risky Advantage vs China
The White House’s new AI plan marshals funding, procurement, and standards to help the U.S. close the gap with China—but critics warn it could entrench big tech, squeeze startups, and spur a risky tech cold war. Whether it accelerates broad innovation or simply concentrates power will come down to how wisely the plan is implemented.

AI Cybersecurity Threats: Must-Have Best Practices
AI can be both defender and threat—and NIST’s NCCoE is leading virtual sessions to shape the Cyber AI Profile, offering practical guidance to spot AI-enabled risks and harden defenses. Whether you’re a technologist, policymaker, or business leader, this essential guide shows how to harness AI safely and stay ahead of evolving cyber threats.

DevSecOps: Must-Have Best Practices for Ultimate Security
Join NIST NCCoE’s virtual event on August 27, 2025 to learn practical DevSecOps best practices from leading experts and discover how to weave security into every step of your software lifecycle. With cybercrime costs soaring, this is your chance to balance speed and safety through automation, compliance tips, and real-world lessons that make your software more resilient.

Secure Software Development: Must-Have Best Practices
Worried about the security of the software we all depend on? Join NIST NCCoE’s interactive DevSecOps virtual event on August 27, 2025, to hear experts, learn practical secure development practices, and help turn security from an afterthought into a foundation for every project.

Business-Critical Assets: Must-Have Best Protection
Protecting the assets that keep your business running isn’t just an IT task—it’s a strategic must; learn six practical, proven lessons to spot, prioritize, and defend the systems and data that power your revenue and operations. From risk-based prioritization and continuous monitoring to building a security-aware culture and testing response plans, these steps help you stay resilient as threats evolve.

Securing AI Systems: Insights from NIST NCCoE Virtual Sessions
Join the conversation on securing our AI future! Discover how NISTs collaborative virtual sessions are paving the way for a robust Cyber AI Profile, ensuring that as AI becomes integral to our lives, it stays safe from evolving cyber threats.

Comment Now on Draft SP 800-53 Controls for Secure Patches
Join the conversation on NISTs draft updates to SP 800-53 and discover how these new guidelines can transform your approach to securing software patches—because safeguarding your systems has never been more crucial!

Quantum Code Breaking: Why an 8-Bit Computer Outshines It
In a surprising twist, an 8-bit computer might just steal the spotlight from quantum computing in the race to secure our most sensitive data. Join the debate and discover why experts like Peter Gutmann are raising eyebrows over the hype surrounding quantum code breaking!