NIST Cybersecurity Framework 2.0

NIST has released version 2.0 of the Cybersecurity Framework:

The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It also has a new focus on governance, which encompasses how organizations make and carry out informed decisions on cybersecurity strategy. The CSF’s governance component emphasizes that cybersecurity is a major source of enterprise risk that senior leaders should consider alongside others such as finance and reputation…

Continue reading NIST Cybersecurity Framework 2.0

Industry Reactions to NIST Cybersecurity Framework 2.0: Feedback Friday

Industry professionals comment on the official release of the NIST Cybersecurity Framework 2.0. 
The post Industry Reactions to NIST Cybersecurity Framework 2.0: Feedback Friday appeared first on SecurityWeek.
Continue reading Industry Reactions to NIST Cybersecurity Framework 2.0: Feedback Friday

NIST Releases Cybersecurity Framework 2.0: Guide for All Organizations

By Deeba Ahmed
The first Cybersecurity Framework (CSF) was released in 2014.
This is a post from HackRead.com Read the original post: NIST Releases Cybersecurity Framework 2.0: Guide for All Organizations
Continue reading NIST Releases Cybersecurity Framework 2.0: Guide for All Organizations

NIST CSF 2.0 released, to help all organizations, not just those in critical infrastructure

The National Institute of Standards and Technology (NIST) has updated its widely utilized Cybersecurity Framework (CSF), a key document for mitigating cybersecurity risks. The latest version, 2.0, is tailored to cater to a broad range of audiences, spa… Continue reading NIST CSF 2.0 released, to help all organizations, not just those in critical infrastructure

Apple Announces Post-Quantum Encryption Algorithms for iMessage

Apple announced PQ3, its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022.

There’s a lot of detail in the Apple blog post, and more in Douglas Stabila’s security analysis.

I am of two minds about this. On the one hand, it’s probably premature to switch to any particular post-quantum algorithms. The mathematics of cryptanalysis for these lattice and other systems is still rapidly evolving, and we’re likely to break more of them—and learn a lot in the process—over the coming few years. But if you’re going to make the switch, this is an excellent choice. And Apple’s ability to do this so efficiently speaks well about its algorithmic agility, which is probably more important than its particular cryptographic design. And it is probably about the right time to worry about, and defend against, attackers who are storing encrypted messages in hopes of breaking them later on future quantum computers…

Continue reading Apple Announces Post-Quantum Encryption Algorithms for iMessage

Apple rolls out quantum-resistant cryptography for iMessage

The tech giant hopes to make its messaging platform secure against highly capable quantum computers of the future. 

The post Apple rolls out quantum-resistant cryptography for iMessage appeared first on CyberScoop.

Continue reading Apple rolls out quantum-resistant cryptography for iMessage

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis.
This is important, because a bunch of NIST’s post-quantum options base their security on lattice problems.
I worry about standard… Continue reading Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

NIST Establishes AI Safety Consortium

The mixed public and private consortium will focus on safety, standards and skills-building for AI generally and generative AI in particular. Continue reading NIST Establishes AI Safety Consortium