Comment on Proposed Updates to the NICE Framework
NICE is continuing to refine and clarify the Workforce Framework for Cybersecurity (NICE Framework) as a fundamental reference resource that is agile, flexible, modular, and interoperable. Proposed Insider Threat Analysis Work RoleNICE is proposing one new Work Role for addition to the NICE Framework: Insider Threat Analysis. Codifying the Insider Threat Analysis Work Role in …
Continue reading Comment on Proposed Updates to the NICE FrameworkTue, 28 Nov 2023 17:05:03 +0000
Joint Guidelines for Secure AI System Development
In a landmark collaboration, the Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom National Cyber Security Centre (NCSC) released Guidelines for Secure AI System Development. Co-sealed by 23 domestic and international cybersecurity organizations, this publication marks a significant step in addressing the intersection of artificial intelligence (AI), cybersecurity, and critical infrastructure. The Guidelines, complementing …
Continue reading Joint Guidelines for Secure AI System DevelopmentMon, 27 Nov 2023 22:16:16 +0000
Microsoft Security Virtual Training Day: Protect Data and Mitigate Risk
Identify, remediate, and limit data risks at Security Virtual Training Day: Protect Data and Mitigate Risk from Microsoft Learn. At this free event, you’ll learn how to secure data and reduce risks with Microsoft Purview Information Protection and risk management solutions. You’ll also explore how to manage data protection policies across your organization to help …
Continue reading Microsoft Security Virtual Training Day: Protect Data and Mitigate RiskSat, 25 Nov 2023 20:23:29 +0000
Microsoft Security Virtual Training Day: Security, Compliance and Identity Fundamentals
Grow your skills at Security Virtual Training Day: Security, Compliance, and Identity Fundamentals from Microsoft Learn. At this free, introductory event, you’ll gain the security skills and training you need to create impact and take advantage of opportunities to move your career forward. You’ll explore the basics of security, compliance, and identity—including best practices to …
Continue reading Microsoft Security Virtual Training Day: Security, Compliance and Identity FundamentalsSat, 25 Nov 2023 16:17:39 +0000
Comment Period Extended to December 8th for Drafts of SP 800-73-5 and SP 800-78-5: PIV Interfaces, Algorithms, and Key Sizes
Comment Period Extended to December 8th for Drafts of SP 800-73-5 and SP 800-78-5: PIV Interfaces, Algorithms, and Key Sizes The public comment period has been extended to December 8, 2023, for the initial public drafts of NIST Special Publication (SP) 800-73-5 (Parts 1-3) and SP 800-78-5. Full details can be found in the announcement for these …
Continue reading Comment Period Extended to December 8th for Drafts of SP 800-73-5 and SP 800-78-5: PIV Interfaces, Algorithms, and Key SizesSat, 25 Nov 2023 16:10:57 +0000
Roadmap for Artificial Intelligence Adoption
The Cybersecurity and Infrastructure Security Agency (CISA) released its Roadmap for Artificial Intelligence (AI), adding to the significant whole-of-government effort to ensure the secure development and implementation of Artificial Intelligence capabilities, and operationalizing its responsibilities as provided in Executive Order (EO) 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). As the …
Continue reading Roadmap for Artificial Intelligence AdoptionSat, 25 Nov 2023 16:10:02 +0000
StopRansomware: Rhysida Ransomware
This Joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories …
Continue reading StopRansomware: Rhysida RansomwareSat, 25 Nov 2023 16:09:22 +0000
NCCoE Releases Draft NIST IR 8496 for Data Classification
The NIST National Cybersecurity Center of Excellence (NCCoE) has released for public comment Draft NIST Internal Report (NIST IR) 8496, Data Classification Concepts and Considerations for Improving Data Protection. The comment period is open now through January 9, 2024. About the Report This publication defines basic terminology and explains fundamental concepts in data classification so …
Continue reading NCCoE Releases Draft NIST IR 8496 for Data ClassificationSat, 25 Nov 2023 16:08:35 +0000
Scattered Spider
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released this Joint Cybersecurity Advisory in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023. Scattered Spider is a …
Continue reading Scattered SpiderSat, 25 Nov 2023 16:07:54 +0000
NJCCIC Weekly Bulletin
The incidence of zero-day exploitation has shown an alarming increase on a global scale, significantly affecting federal government agencies, particularly over the last month, as emphasized by the Cybersecurity and Infrastructure Security Agency (CISA). Despite an overall decline in these vulnerabilities, federal government analysts observed an increase in zero-day exploits. This uptick indicates evolving tactics …
Continue reading NJCCIC Weekly BulletinSat, 25 Nov 2023 16:07:14 +0000