Now Available for Public Comment! NIST CSF 2.0 Manufacturing Profile
The NIST Internal Report (IR) 8183 Revision 2, Cybersecurity Framework Version 2.0 Manufacturing Profile has been published and we’re excited for your feedback! The comment period is now open through November 17, 2025. As cybersecurity threats to critical infrastructure continue to escalate in frequency and severity, it is crucial for manufacturing organizations to implement robust …
Tue, 30 Sep 2025 21:25:38 +0000
NIST Releases Draft Enhanced Security Requirements and Assessment Procedures for Protecting CUI
SP 800-172r3 and SP 800-172Ar3 Now Available for Public Comment! As part of ongoing efforts to strengthen the protections for securing controlled unclassified information (CUI) in nonfederal systems, NIST has released the following drafts for comment: Both drafts implement a one-time “revision number” change for consistency with SP 800-171r3 and SP 800-171Ar3. Public Comment Period …
Tue, 30 Sep 2025 21:24:48 +0000
Multiple Vulnerabilities in VMware Aria Operations and VMware Tools Could Allow for Privilege Escalation – PATCH NOW
Multiple vulnerabilities have been discovered in VMware Aria Operations and VMware Tools, the most severe of which could allow for privilege escalation to root. VMware Aria is a multi-cloud management platform that provides automation, operations, and cost management for applications and infrastructure across private, public, and hybrid cloud environments. Successful exploitation of the most severe …
Tue, 30 Sep 2025 21:23:43 +0000
OT Security Series: Keeping Your Industrial Systems Safe from USB Threats
Two-Pager Now Available! Reducing Cyber Risk of Portable Storage Media in OT Environments. The NIST National Cybersecurity Center of Excellence (NCCoE) has finalized a guide, NIST Special Publication (SP) 1334, Reducing the Cybersecurity Risks of Portable Storage Media in Operational Technology (OT) Environments, to help organizations protect their industrial control systems from cybersecurity threats when using …
Tue, 30 Sep 2025 21:22:24 +0000
NEW BLOG | Updating Foundational Activities for IoT Product Manufacturers
Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet their customers’ cybersecurity needs and expectations. Thank you so much for the thoughtful comments and feedback throughout …
Tue, 30 Sep 2025 15:53:57 +0000
Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution – PATCH NOW
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for remote code execution. Cisco is a leading technology company best known for its networking hardware and software, such as routers and switches, that form the backbone of the internet and enterprise networks. Successful exploitation of the most severe of …
Tue, 30 Sep 2025 15:50:58 +0000
Oh, Behave! The Cybersecurity Attitudes and Behaviors Report is here!
OH, BEHAVE! The 2025 Cybersecurity Attitudes and Behaviors Report is now available. Each year, the National Cybersecurity Alliance and CybSafe release research to better understand the public’s security behavior and to act as a call to action for better secure habits online. With support from international partners across seven countries, this year’s report polls …
Tue, 30 Sep 2025 15:49:44 +0000
Guidelines for Media Sanitization: NIST Publishes SP 800-88r2
NIST has released Special Publication (SP) 800-88r2 (Revision 2), Guidelines for Media Sanitization. Media sanitization is a process that renders access to the target data on media infeasible for a given level of effort. This guide will assist organizations and system owners in setting up a media sanitization program with proper and applicable methods and …
Tue, 30 Sep 2025 15:47:27 +0000
Materials Now Available: NCCoE DevSecOps Virtual Event
The National Cybersecurity Center of Excellence (NCCoE) hosted a virtual event on August 27, 2025, to discuss and gather feedback on the NCCoE Development, Security and Operations (DevSecOps) project. Recap: This virtual event focused on the preliminary draft of NIST Special Publication (SP) 1800-44, Secure Software Development, Security, and Operations Practices. Key discussion topics …
Tue, 30 Sep 2025 15:45:43 +0000
Vulnerability in Nx (build system) Package Could Allow for Sensitive Data Exfiltration
A vulnerability has been discovered in Nx (build system) Package, which could allow for sensitive data exfiltration. Nx is a smart, fast, and extensible build system designed for managing monorepos efficiently by providing features like dependency graph analysis, computation caching, distributed task execution, and codebase upgrades. Successful exploitation of this vulnerability could allow threat actors …
Tue, 30 Sep 2025 15:44:57 +0000