CURBy: A quantum random number generator you can verify
NIST and the University of Colorado Boulder have created a public service that delivers random numbers using quantum mechanics. Called the Colorado University Randomness …
19 ways to build zero trust: NIST offers practical implementation guide
The National Institute of Standards and Technology (NIST) has released a new guide that offers practical help for building zero trust architectures (ZTA). The guidance, titled …
NIST proposes new metric to gauge exploited vulnerabilities
NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and …
NIST selects HQC as backup algorithm for post-quantum encryption
Last year, NIST standardized a set of encryption algorithms that can keep data secure from a cyberattack by a future quantum computer. Now, NIST has selected a backup …
The compliance illusion: Why your company might be at risk despite passing audits
For many CISOs, compliance can feel like a necessary evil and a false sense of security. While frameworks like ISO 27001, SOC 2, and PCI DSS offer structured guidelines, they …
NIST report on hardware security risks reveals 98 failure scenarios
NIST’s latest report, “Hardware Security Failure Scenarios: Potential Hardware Weaknesses” (NIST IR 8517), explores the hidden vulnerabilities in computer …
NIST is chipping away at NVD backlog
The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but …
NIST releases finalized post-quantum encryption standards
NIST has finalized its principal set of encryption algorithms designed to withstand cyberattacks from a quantum computer. The announced algorithms are specified in the first …
Coding practices: The role of secure programming languages
Safety and quality are not features that can be added through testing — they must be integral to the design. Opting for a safer or more secure language or language subset …
NIST says NVD will be back on track by September 2024
The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Common Vulnerabilities and …
NIST unveils ARIA to evaluate and verify AI capabilities, impacts
The National Institute of Standards and Technology (NIST) is launching a new testing, evaluation, validation and verification (TEVV) program intended to help improve …
The evolution of security metrics for NIST CSF 2.0
CISOs have long been spreadsheet aficionados, soaking up metrics and using them as KPIs for security progress. These metrics have traditionally measured specific systems or …