Pulse

By GCN Staff

Blog archive
NIST drafts security building blocks

NIST drafts security building blocks

NIST has proposed two new building blocks to improve email security and to provide security services based on personal identity verification (PIV) credentials through mobile devices.

The building blocks cover cybersecurity implementations that apply to multiple industry sectors and will be incorporated into many of the National Cybersecurity Center of Excellence’s sector-specific use cases. Final versions of the building blocks result in NIST Cybersecurity Practice Guides (Special Publication series 1800), which describe the practical steps needed to implement a cybersecurity reference design.

The draft building block "Domain Name System-Based Security for Electronic Mail" proposes using the DNS-based Authentication of Named Entities (DANE) protocol to help prevent unauthorized parties from reading or modifying an organization's email or using it as a vector for malware.

The draft building block "Derived Personal Identity Verification (PIV) Credentials" proposes a way for mobile devices to use two-factor authentication without specialized card readers, which read the identity credentials embedded in on-card computer chips to ensure authorized access to computer systems or facilities. With derived credentials, mobile device users could get the same level of security with their mobile devices that desktop users get with card-reader access.

The comment period for each is open until Aug. 14, 2015.

Posted by GCN Staff on Jul 07, 2015 at 1:00 PM


Featured

  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected