NIST today published its final guidelines for federal agencies to use when they provide unclassified but sensitive information to nonfederal workers, such as contractors or universities that work with the government.
The U.S. government-backed cybersecurity framework for the nation’s federal agencies and critical infrastructure sector—released one year ago today—has received a general thumbs-up from industry experts, who say the NIST guideline is proving a successful step toward a better understanding of cyber risks and organizations’ vulnerabilities.
Cyberspace has security problems, and the U.S. government is trying to do something about it. The National Strategy for Trusted Identities in Cyberspace (NSTIC) is promoting a plan and taking actions to move citizens beyond usernames and passwords to more powerful methods of authentication. In recent years, massive data theft has occurred in the cyber realm. Even strong passwords are vulnerable to hackers.
A U.S. paratrooper uses a handheld identity detection device to scan an Afghan man's iris while on patrol in Afghanistan's Ghazni province.
The National Institute of Standards and Technology (NIST) has released the initial public draft of the first revision of the Guide for Conducting Risk Assessments (Special Publication 800-30). This revision shifts the focus of the guidelines from management to assessment, and NIST Special Publication 800-39 now replaces Special Publication 800-30 as the authoritative source of comprehensive risk management guidance.