BLOG

Comment on Proposed Updates to the NICE Framework

NICE is continuing to refine and clarify the Workforce Framework for Cybersecurity (NICE Framework) as a fundamental reference resource that is agile, flexible, modular, and interoperable. Proposed Insider Threat Analysis Work RoleNICE is proposing one new Work Role for addition to the NICE Framework: Insider Threat Analysis. Codifying the Insider Threat Analysis Work Role in … Continue reading Comment on Proposed Updates to the NICE Framework
Tue, 28 Nov 2023 17:05:03 +0000

Joint Guidelines for Secure AI System Development

In a landmark collaboration, the Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom National Cyber Security Centre (NCSC) released Guidelines for Secure AI System Development. Co-sealed by 23 domestic and international cybersecurity organizations, this publication marks a significant step in addressing the intersection of artificial intelligence (AI), cybersecurity, and critical infrastructure. The Guidelines, complementing … Continue reading Joint Guidelines for Secure AI System Development
Mon, 27 Nov 2023 22:16:16 +0000

Microsoft Security Virtual Training Day: Protect Data and Mitigate Risk

Identify, remediate, and limit data risks at Security Virtual Training Day: Protect Data and Mitigate Risk from Microsoft Learn. At this free event, you’ll learn how to secure data and reduce risks with Microsoft Purview Information Protection and risk management solutions. You’ll also explore how to manage data protection policies across your organization to help … Continue reading Microsoft Security Virtual Training Day: Protect Data and Mitigate Risk
Sat, 25 Nov 2023 20:23:29 +0000

Microsoft Security Virtual Training Day: Security, Compliance and Identity Fundamentals

Grow your skills at Security Virtual Training Day: Security, Compliance, and Identity Fundamentals from Microsoft Learn. At this free, introductory event, you’ll gain the security skills and training you need to create impact and take advantage of opportunities to move your career forward. You’ll explore the basics of security, compliance, and identity—including best practices to … Continue reading Microsoft Security Virtual Training Day: Security, Compliance and Identity Fundamentals
Sat, 25 Nov 2023 16:17:39 +0000

Comment Period Extended to December 8th for Drafts of SP 800-73-5 and SP 800-78-5: PIV Interfaces, Algorithms, and Key Sizes

Comment Period Extended to December 8th for Drafts of SP 800-73-5 and SP 800-78-5: PIV Interfaces, Algorithms, and Key Sizes The public comment period has been extended to December 8, 2023, for the initial public drafts of NIST Special Publication (SP) 800-73-5 (Parts 1-3) and SP 800-78-5. Full details can be found in the announcement for these … Continue reading Comment Period Extended to December 8th for Drafts of SP 800-73-5 and SP 800-78-5: PIV Interfaces, Algorithms, and Key Sizes
Sat, 25 Nov 2023 16:10:57 +0000

Roadmap for Artificial Intelligence Adoption

The Cybersecurity and Infrastructure Security Agency (CISA) released its Roadmap for Artificial Intelligence (AI), adding to the significant whole-of-government effort to ensure the secure development and implementation of Artificial Intelligence capabilities, and operationalizing its responsibilities as provided in Executive Order (EO) 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). As the … Continue reading Roadmap for Artificial Intelligence Adoption
Sat, 25 Nov 2023 16:10:02 +0000

StopRansomware: Rhysida Ransomware

This Joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories … Continue reading StopRansomware: Rhysida Ransomware
Sat, 25 Nov 2023 16:09:22 +0000

NCCoE Releases Draft NIST IR 8496 for Data Classification

The NIST National Cybersecurity Center of Excellence (NCCoE) has released for public comment Draft NIST Internal Report (NIST IR) 8496, Data Classification Concepts and Considerations for Improving Data Protection. The comment period is open now through January 9, 2024.   About the Report  This publication defines basic terminology and explains fundamental concepts in data classification so … Continue reading NCCoE Releases Draft NIST IR 8496 for Data Classification
Sat, 25 Nov 2023 16:08:35 +0000

Scattered Spider

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released this Joint Cybersecurity Advisory in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023. Scattered Spider is a … Continue reading Scattered Spider
Sat, 25 Nov 2023 16:07:54 +0000

NJCCIC Weekly Bulletin

The incidence of zero-day exploitation has shown an alarming increase on a global scale, significantly affecting federal government agencies, particularly over the last month, as emphasized by the Cybersecurity and Infrastructure Security Agency (CISA). Despite an overall decline in these vulnerabilities, federal government analysts observed an increase in zero-day exploits. This uptick indicates evolving tactics … Continue reading NJCCIC Weekly Bulletin
Sat, 25 Nov 2023 16:07:14 +0000