The Postal Service will set up a pilot of the Federal Cloud Credential Exchange this fall and begin testing in January, using SecureKey briidge.net Exchange, which already provides similar services for the Canadian government.
The program's standardized security controls can cover basic services like email and backup storage, but after that it gets complicated.
The program could move to cover high security requirements or standardize service-level agreements for agencies and providers.
NIST gives supply-chain security its own publication, offering guidelines for incorporating it into an agency's overall risk management program.
Apricorn's software-free Aegis Padlock Fortress keeps all data encrypted and protected from tampering.
Researchers from Georgia Tech demonstrate a prototype tool, ExecScent, that learns a network's normal traffic patterns to spot the command and control traffic from infected hosts. In live tests it identified dozens of new C&C domains and discovered hundreds of infected computers.
Silent Circle's decision to shut down its encrypted email service is the latest in a number of responses to the NSA's surveillance of sensitive communications.
Setting up a rogue IPv6 router on an IPv4 network gives attackers access to the host's Internet traffic, one more reason to enable IPv6 rather than waiting for an attacker to do it for you.
The product extends privilege management to admins, giving them enough control to do their jobs but restricting them to authorized tasks.
The convergence of computing and mobile telephony has made smartphones the new frontier of cybersecurity, with a host of new vulnerability research presented at this year’s Black Hat Briefings.
Researchers at Dell SecureWorks were able to monitor the command and control system of the persistent RAT, which was used in the 2010 RSA breach that also compromised DOD contractors and is still in wide use.
Recent research by Trend Micro shows ICS networks are frequently attacked -- and not by accident.