NIST exploring possible DevSecOps framework for agencies
The National Institute of Standards and Technology is currently gathering information on products developed using the organizational philosophy to eventually issue guidance normalizing the process.
NIST’s Ron Ross argues for sharing threat intelligence
Today's growing infrastructure means that adversaries have an "unlimited opportunity to do damage," Ross says, recommending agencies do more to share threat intelligence.
NIST issues draft guidance for securing legacy IT systems, more
Ron Ross, NIST fellow and one of the agency’s cybersecurity experts, spoke with CyberScoop about the needed update.
NIST drops ‘federal’ from cyber controls guidance
The move to remove the word “federal” from the title of its magisterial catalogue of cybersecurity and privacy controls is one of a series of proposed changes.
So, you’ve assumed compromise. Now what?
The once-radical notion that cyber defenders should assume hackers are already in their network is now conventional wisdom. But the implications of it are still taking hold, experts and officials said Thursday.
New approach needed to IT, says NIST’s top cyber scientist
No amount of security software, firewalls or anomaly detection systems can protect an IT infrastructure that's fundamentally insecure and to deal with the looming cybersecurity crisis, a new approach to computer architecture is required, the National Institute of Standards and Technology's top computer security scientist told the president's commission on long-term cybersecurity.