NIST

Too many agencies asleep at the wheel as IPv6 deadline looms

Just days before the deadline for enabling the next generation of Internet Protocols on web sites, more than half have not yet begun to do so, according to NIST. Meanwhile, the supply of IPv4 addresses continues to run out.

The perils of bad patch management

Known vulnerabilities provide the most frequently attacked targets in commonly used software. NIST offers updated guidance for handling this crucial and challenging chore.

Time to give up on Java?

The zero-day window for the latest Java vulnerability has officially closed, but agencies still have to decide whether the benefits of running Java on their computers outweigh the risks.

The grace period on mobile security is over

As the bad guys turn their attention to mobile devices, the government has begun mapping out security that needs to be incorporated in coming generations of this technology.

How to respond to the inevitable security breach

Incident response has become an integral part of IT security and NIST offers updated guidelines for handling breaches.

BIOS' 'privileged position' makes it a target for sophisticated attacks

The Basic Input/Output System that boots a computer could be an attractive target for sophisticated exploits, and the complexity of servers creates specific challenges that NIST addresses in new security guidelines.

Students 3D print a boat from milk jugs -- are jetliners next?

If a student team can build a homemade 3D printer that can produce a boat, the administration's $60 million foray into advanced manufacturing technology could hold promise.

As cyber threats get smarter, prevention must keep pace

NIST offers practical guidance on intrusion detection and prevention systems to help counter the new breed of stealthy, targeted attacks.

Federal ID cards: Iris imaging in, fingerprint swiping out

NIST proposed new options for using iris recognition as an alternative to fingerprints in federal Personal Identity Verification.

Like it or not, password management is a must

As more of our life moves online we still are looking for an identity management scheme that is practical, secure and scalable. Don't hold your breath.

State not following NIST cloud guidelines, IG report says

State's Systems and Integration Office has made a strong effort to promulgate a mission statement and a set of goals, but lacks adequate controls and procedures to monitor its multi-year contracts, IG report says.

PIV card specs to account for mobile, other new factors

Proposed changes in FIPS 201 reflect changes in the technology and environment in which the federal PIV cards for government workers and contractors are used.

Mobile security guide catches up with smart phones, BYOD

NIST's revised guidance sharpens the focus of the original publication, released in 2008, excluding laptops and low-end cell phones, and covering both enterprise-issued devices and BYOD.

When storms attack, Smart Grid could reduce outages, speed recovery

Bad weather in the past year has done what terrorists haven’t managed – disrupt power for a week or more at a time. Officials say Smart Grid technology could ease the pain.

NIST guide explains cloud in plain terms

The guidance gives general how-tos in five areas: management, data governance, security and reliability, virtual machines, and software and applications.

10 recommendations for securing the IT supply chain

NIST's streamlined guidance on risk management focuses on a set of key recommendations for ensuring the security and reliability of information and communications systems.

Tool provides out-of-the box FedRAMP compliance

Agilance's Federal Risk and Authorization Management Program Content Pack includes the baseline security controls required of cloud service providers.